[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssh-unix-dev
Subject:    Class-imposed login restrictions (on FreeBSD)
From:       Ed Maste <emaste () freebsd ! org>
Date:       2021-08-30 17:39:16
Message-ID: CAPyFy2CNwVT8HwHdhSVz6xbXXKrWS7HPOOcc6DNx4GztUaUsgQ () mail ! gmail ! com
[Download RAW message or body]

I have been working on reconciling the local modifications to the copy
of OpenSSH in the FreeBSD base system, and a number of smaller changes
have been committed upstream.

One open issue is support for login class-based restrictions,
originally introduced in 2002[1]. It can restrict login by time period
and by remote host. A version of this change was submitted to the
OpenSSH github repository[2], but a reviewer suggested it was
unnecessarily complicated (it used the monitor process to obtain the
class info). This was simplified in a second submission[3].

I can send the patch to this list in the near future, but wanted to
highlight it in case anyone is interested in taking a look.

[1] https://cgit.FreeBSD.org/src/commit/?id=5b400a39b8add453bd7e777b9306ef91f8f1403c
[2] https://github.com/openssh/openssh-portable/pull/261
[3] https://github.com/openssh/openssh-portable/pull/262
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[prev in list] [next in list] [prev in thread] [next in thread]