From: Miguel Lopes Santos Ramos
To: Dag-Erling Smørgrav
Date: Fri, 11 Mar 2011 10:17:32 +0000
Cc: freebsd-security@freebsd.org
Subject: Re: It's not possible to allow non-OPIE logins only from trusted networks

On Fri, 2011-03-11 at 10:46 +0100, Dag-Erling Smørgrav wrote:
> Miguel Lopes Santos Ramos writes:
> > 1. The user does not have OPIE enabled and the remote host is listed as
> > a trusted host in /etc/opieaccess.
> > 2. The user has OPIE enabled and the remote host is listed as a trusted
> > host in /etc/opieaccess, and the user does not have a file
> > named .opiealways in his home directory.
> >
> > Or at least this should be an option for pam_opieaccess.
>
> Seems like a good idea, at first blush (provided it's optional). Do you
> have a patch?
>
> DES

I will make a scratch. I'll submit it to the list on the weekend.

-- 
Miguel Ramos
PGP A006A14C