Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 16 Jul 1998 14:05:43 -0700 (MST)
From:      "Chad R. Larson" <chad@freebie.dcfinc.com>
To:        pajarola@cybertime.ch (Rico Pajarola)
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: Finger and getpwent
Message-ID:  <199807162105.OAA02417@freebie.dcfinc.com>
In-Reply-To: <3.0.32.19980716145425.00726d20@www.dlc.cybertime.ch> from Rico Pajarola at "Jul 16, 98 02:57:16 pm"

next in thread | previous in thread | raw e-mail | index | archive | help
> I think something like this should go into /etc/login.conf. I already use
> the nologin file (which can be set per login-class) to make ftp-only
> accounts, and the ftpusers file to make email-only accounts. I like this
> solution because it looks 'clean' to me, but it's by far not complete. And
> the nicest login.conf doesn't help you if the programs you use don't look
> at it (and afaik only login itself looks at it yet, guess why it's called
> login.conf).
> 
> Rico

The model that make sense to me is the SysVr4 Service Access Controller
(SAC).  From a security standpoint, there were way too many different
ways to get a "login" prompt from the system.  The telnet daemon, the
rlogin daemon, FTP, the regular login, the UUCP service, etc.  So now
there is only one process that issues "login", and every thing else goes
through it.  That gives a single point to install authentication and
access control.

The other band-aids grew up, in my opinion, as people who didn't have
source to their systems tried to fix things up.  We FreeBSDers have the
facilities to implement a global solution similar to the SysVr4 one.

	-crl
--
Chad R. Larson (CRL22)                 Brother, can you paradigm?
602-953-1392  chad@dcfinc.com  chad@anasazi.com  larson1@home.com
DCF, Inc.  -  14623 North 49th Place,  Scottsdale, Arizona  85254

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807162105.OAA02417>