Date: Fri, 3 Aug 2001 00:22:01 +0400 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Mark Murray <markm@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libopie Makefile Message-ID: <20010803002200.C3285@nagual.pp.ru> In-Reply-To: <200108021858.f72Iwqv85338@freefall.freebsd.org> References: <200108021858.f72Iwqv85338@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Aug 02, 2001 at 11:58:52 -0700, Mark Murray wrote: > markm 2001/08/02 11:58:52 PDT > > Modified files: > lib/libopie Makefile > Log: > Add opieaccess(5) functionality under the INSECURE_OPIE .ifdef. Umm, it is not what I ask exactly. Maintaining /etc/opieaccess NOT belongs to INSECURE in OPIE meaning. By INSECURE OPIE means connection that could be potentially spyed, but /etc/opieaccess modification belongs to root and completely outside OPIE scope because not use OPIE anyhow, just system resources, so it must be always enabled. I.e. this sysadmin action not envolve insecure connection in OPIE meaning. Now about /etc/opieaccess _contents_ (which possible could lead to insecure connection): lets sysadmin deside, what is secure for him and what is not. We should not restrict by default his right to have /etc/opieaccess if he wants. BTW, if we plan to keep SKEY compatibility, the same /etc/skey.access was _always_ enabled too. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010803002200.C3285>