From owner-freebsd-current@FreeBSD.ORG  Sun Jul 20 13:27:39 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B312637B401
	for <freebsd-current@freebsd.org>;
	Sun, 20 Jul 2003 13:27:39 -0700 (PDT)
Received: from dsl-mail.kamp.net (mail.kamp-dsl.de [195.62.99.42])
	by mx1.FreeBSD.org (Postfix) with SMTP id 3EB3343F3F
	for <freebsd-current@freebsd.org>;
	Sun, 20 Jul 2003 13:27:38 -0700 (PDT)
	(envelope-from me@farid-hajji.de)
Received: (qmail 18520 invoked by uid 505); 20 Jul 2003 20:27:43 -0000
Received: from me@farid-hajji.de by dsl-mail by uid 502 with
	qmail-scanner-1.14  (spamassassin: 2.43.  Clear:. 
	Processed in 0.186526 secs); 20 Jul 2003 20:27:43 -0000
Received: from unknown (HELO reverse-213-146-116-200.dialin.kamp-dsl.de)
	(213.146.116.200)
	by dsl-mail.kamp.net with SMTP; 20 Jul 2003 20:27:43 -0000
From: Farid Hajji <me@farid-hajji.de>
To: Doug White <dwhite@gumbysoft.com>
Date: Sun, 20 Jul 2003 22:27:41 +0200
User-Agent: KMail/1.5.2
References: <200307202032.02281.me@farid-hajji.de>
	<20030720123716.V65450@carver.gumbysoft.com>
In-Reply-To: <20030720123716.V65450@carver.gumbysoft.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200307202227.41390.me@farid-hajji.de>
cc: freebsd-current@freebsd.org
Subject: Re: login(1) doesn't enforce times.allow/times.deny over ssh(1)
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: me@farid-hajji.de
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Jul 2003 20:27:40 -0000

On Sunday 20 July 2003 09:38 pm, Doug White wrote:
> On Sun, 20 Jul 2003, Farid Hajji wrote:
> > When using ssh, I'm not trying public/private keys,
> > just plain unix passwords. Doesn't ssh access login(1)
> > in this case?
>
> sshd does not use login unless requested to do so by the UseLogin config
> parameter.

Yessss, that was it.

> There have been security vulnerabilities exposed by using this option in
> the past.  You have been warned :)

So we need an additional pam module for such policy
settings. That's reasonable.

Many thanks.

-- 
Farid Hajji. http://www.farid-hajji.net/address.html