Subject: is skeyaudit(1) security-related?
To: None <tech-userlevel@netbsd.org, tech-security@netbsd.org>
From: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>
List: tech-userlevel
Date: 03/07/2001 21:20:54
skeyaudit(1) checks if a user is running out of skey keys, and sends him a
warning mail if so.

What I'm wondering now is if this should be regarded as a security-related
action, or as a "normal" administrative one. Accordingly, should skeyaudit
be run from /etc/daily, or from /etc/security. The latter bears the risk
that the users don't get warned if an admin turns off running
/etc/security (by putting run_security=no into daily.conf), and I think
moving skeyaudit from /etc/security to /etc/daily is TRT. 

Comments on this subject?


 - Hubert


P.S.: Assorted PR is 12267 (we currently allow running skeyaudit from both
      /etc/daily and /etc/security, which does not make much sense.

-- 
Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>