Subject: Re: CVS commit: src
To: None <current-users@netbsd.org>
From: Olaf Seibert <rhialto@polder.ubc.kun.nl>
List: current-users
Date: 03/17/1999 16:06:37
On Tue, 16 Mar 1999, Bill Studenmund wrote:
> On 16 Mar 1999, Perry E. Metzger wrote:
>
> > We need a general way to say "account is valid but password field is
> > not", as in, for instance, ssh only accounts.
> >
> > How about another character besides "*" for that? Perhaps a "#"?
>
> I like some sort of list. "*" would, as present, mean no-valid-password.
> But we could have a lot of different values. The main cluster at Stanford
> uses AFS for afs-domain passwords. ssh would make sense for what you
> describe. And I'd vote for a short phrase rather than "#" :-)
Well, if we do that sort of thing we should go the whole way, with either
PAM or that FreeBSD thing (forgot how it's called).
What I want is something like:
- allow login via ssh always
- allow login via telnet only from certain IP numbers
- but allow normal password login only from certain (fewere) IP numbers
- and require one-time-passwords from others
- and something similar for ftp, possibly differing per account.
- and some accounts are ftp-only
- and others perhaps Samba-only... (etc)
> Bill
-Olaf.
--
___ Olaf 'Rhialto' Seibert - rhialto@polder.ubc. ---- Unauthorized duplication,
\X/ .kun.nl ---- while sometimes necessary, is never as good as the real thing.