Date: Sun, 16 Feb 2003 20:16:43 -0500 From: Garance A Drosihn <drosih@rpi.edu> To: Mark Murray <mark@grondar.org>, "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: Dag-Erling Smorgrav <des@ofug.org>, current@FreeBSD.ORG Subject: Re: OPIE breakage: backout & patch for review Message-ID: <p05200f04ba75e7cb870f@[128.113.24.47]> In-Reply-To: <200302161548.h1GFmKaX033271@grimreaper.grondar.org> References: <200302161548.h1GFmKaX033271@grimreaper.grondar.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 3:48 PM +0000 2/16/03, Mark Murray wrote:
>"Andrey A. Chernov" writes:
> > On Sun, Feb 16, 2003, Dag-Erling Smorgrav wrote:
> > > "Andrey A. Chernov" <ache@nagual.pp.ru> writes:
>> > > Admins with no /etc/opieaccess AFFECTED!
>> >
>> > Admins with no /etc/opieaccess IDIOTS for not running mergemaster!
>>
> > Moreover, admins WITH old /etc/opieaccess (i.e. without your
> > line) are affected too! Local logins becomes mysteriosly
> > disabled for their users.
>
>With a suitable "HEADS UP!" and appropriate changes to the
>documentation, might is be possible to move _all_ policy control
>into PAM, instead of having it split between OPIE and PAM?
If I understand this right, the issue is not some split between
OPIE and PAM. The issue is that OPIE wants a zero-length hostname
to indicate localhost. Andrey provided a patch which allows OPIE
to keep that standard (to OPIE) meaning. Could people try his
patch and then explain why it does not solve the problem they are
trying to solve?
If it means that PAM needs to be changed to use the same token
("") for localhost, that seems fine to me. Just as long as it's
documented.
--
Garance Alistair Drosehn = gad@gilead.netel.rpi.edu
Senior Systems Programmer or gad@freebsd.org
Rensselaer Polytechnic Institute or drosih@rpi.edu
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p05200f04ba75e7cb870f>