[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freebsd-hackers
Subject:    Re: Does anybody need it ?
From:       Julian Assange <proff () suburbia ! net>
Date:       1996-12-03 13:02:25
[Download RAW message or body]

> Hi!
> 
> In order to use a FreeBSD box in our working environment I 
> did implemented an additional security feature in it. The question
> is: would it be possible to commit these changes ?
> 
> The idea is to limit certain logins to be accessible from
> certain hosts only. So I added a database that describes allowed
> hosts, say /etc/userhost.conf, in format like:
> 
> *:host1,host2,host3
> user1:host1,host4
> user2:*
> 
> where * means `any user' or `any host'. Then added a function

I don't like these solutions, though I'd be reluctant to say no
to anything that is functioning code even if it isn't optimal. 

Ideally we should have a general authentication library that
performs matching of credentials and credential types seeking services.

Credentials are items such as tty, password authentication, various crypto-
graphic authenticators and groups of equivalient credentials.

Services are items such as finger, ftpd, shell, mail and grouping of services.

This is about as good a generic authentication scheme as you can achive without
resorting to mac esotrics.

Julian A.

[prev in list] [next in list] [prev in thread] [next in thread]