[plug] telnet server question
Craig Ringer
craig at postnewspapers.com.au
Thu Jul 24 08:08:43 WST 2003
> Yes, my complaint doesn't lie with using /bin/false for daemons, since
> they don't have valid password. But for regular users, who have valid
> password but aren't allowed to have shell access, /bin/false is just
> weird. I would suggest porting OpenBSD's nologin (dibs! ;) which should
> be exceedingly easy since the function of the programme is so 'trivial'
> and it's probably in ANSI C. Like you say, a shell script would
> basically do.
How will this handle graphical logins over XDMCP though? That is what
most of our users here are using, and anything that just prints to
stderr will no doubt show up as an unexplained sudden exit anyway.
What I'd really like would be for [gkx]dm to check /etc/shells and
compare the list of allowed login shells therein to the user's login
shell. If the user's login shell is not included in the list of allowed
login shells, it should print a nice warning explaining that, sorry, you
can't log in. Problem solved before the user even authenticates (though
I think I'd want it do do this only after validating their password, to
prevent easy scanning for 'special' users).
Hmm... wonder how hard it'd be...
Craig Ringer
More information about the plug
mailing list