Date: Fri, 19 Jan 2001 15:32:18 -0500 From: "David J. MacKenzie" <djm@web.us.uu.net> To: freebsd-security@FreeBSD.ORG Cc: djm@web.us.uu.net Subject: login_access() Message-ID: <20010119203218.E79A912686@jenkins.web.us.uu.net>
next in thread | raw e-mail | index | archive | help
login.c in -stable is compiled by default with login_access(), which is in the login source directory. It reads /etc/login.access to restrict who can login. sshd also uses that source file. However, rshd and the MIT krb5 port don't check that file, so relying on it for authorization is risky. I suggest that login_access() be removed from the login source directory and turned into a PAM module account management function so it can be used uniformly without specially hacking each program that needs it. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010119203218.E79A912686>