Date: Sun, 19 Aug 2001 02:48:17 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Ferdinand Goldmann <ferdl@atommuell.oeh.uni-linz.ac.at> Cc: mike@FreeBSD.org, freebsd-bugs@FreeBSD.org Subject: Re: conf/5062: login.access not evaluated correctly Message-ID: <20010819024816.C92366@xor.obsecurity.org> In-Reply-To: <Pine.BSF.4.31.0107251136000.69991-100000@atommuell.oeh.uni-linz.ac.at>; from ferdl@atommuell.oeh.uni-linz.ac.at on Wed, Jul 25, 2001 at 11:42:07AM %2B0200 References: <200107220550.f6M5o0Y73296@freefall.freebsd.org> <Pine.BSF.4.31.0107251136000.69991-100000@atommuell.oeh.uni-linz.ac.at>
next in thread | previous in thread | raw e-mail | index | archive | help
--Qbvjkv9qwOGw/5Fx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jul 25, 2001 at 11:42:07AM +0200, Ferdinand Goldmann wrote: > Hello! >=20 > On Sat, 21 Jul 2001 mike@FreeBSD.org wrote: >=20 > > Synopsis: login.access not evaluated correctly > > > > State-Changed-From-To: open->feedback > > State-Changed-By: mike > > State-Changed-When: Sat Jul 21 22:49:39 PDT 2001 > > State-Changed-Why: > > > > Does this problem still occur in newer versions of FreeBSD, > > such as 4.3-RELEASE? > > >=20 > I have a fairly recent 4.3-STABLE now, and I just tested it. >=20 > It seems to me that this problem indeed still exists: >=20 > On the server the following login.access entry: > -:k000188:ALL EXCEPT LOCAL 140.78.4.26 >=20 > yields: >=20 > Received disconnect from 140.78.4.60: Sorry, you are not allowed to con= nect. >=20 > when trying to connect from 140.78.4.26. (nice error message, BTW) >=20 > Using: > -:k000188:ALL EXCEPT LOCAL alijku05 > gives the same error. >=20 > Using the FQDN > -:k000188:ALL EXCEPT LOCAL alijku05.edvz.uni-linz.ac.at > works: >=20 > k000181@alijku05$ ssh -l k000188 control > k000188@control's password: > Last login: Tue Jul 24 14:04:41 2001 from ... I don't think login.access is well maintained or well integrated into system utilities any more..perhaps we should deprecate it instead of giving users the false sense that it's actually working as expected. Kris --Qbvjkv9qwOGw/5Fx Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7f4tgWry0BWjoQKURAg5LAJ914o1gsQZme4ni1c1NFIf7j19jhgCeJa94 DVTK6clXWbavuYkRN9SjwHw= =c85C -----END PGP SIGNATURE----- --Qbvjkv9qwOGw/5Fx-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010819024816.C92366>