Date: Fri, 11 Mar 2011 10:17:32 +0000 From: Miguel Lopes Santos Ramos <mbox@miguel.ramos.name> To: Dag-Erling =?ISO-8859-1?Q?Sm=F8rgrav?= <des@des.no> Cc: freebsd-security@freebsd.org Subject: Re: It's not possible to allow non-OPIE logins only from trusted networks Message-ID: <1299838652.24241.1.camel@w500.local> In-Reply-To: <86aah2yopr.fsf@ds4.des.no> References: <1299682310.17149.24.camel@w500.local> <86aah2yopr.fsf@ds4.des.no>
index | next in thread | previous in thread | raw e-mail
Sex, 2011-03-11 às 10:46 +0100, Dag-Erling Smørgrav escreveu: > Miguel Lopes Santos Ramos <mbox@miguel.ramos.name> writes: > > 1. The user does not have OPIE enabled and the remote host is listed as > > a trusted host in /etc/opieaccess. > > 2. The user has OPIE enabled and the remote host is listed as a trusted > > host in /etc/opieaccess, and the user does not have a file > > named .opiealways in his home directory. > > > > Or at least this should be an option for pam_opieaccess. > > Seems like a good idea, at first blush (provided it's optional). Do you > have a patch? > > DES I will make a scratch. I'll submit it to the list on the weekend. -- Miguel Ramos <mbox@miguel.ramos.name> PGP A006A14Chelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1299838652.24241.1.camel>