login(1) doesn't enforce times.allow/times.deny over ssh(1)

Farid Hajji me at farid-hajji.de
Sun Jul 20 13:27:40 PDT 2003

On Sunday 20 July 2003 09:38 pm, Doug White wrote:
> On Sun, 20 Jul 2003, Farid Hajji wrote:
> > When using ssh, I'm not trying public/private keys,
> > just plain unix passwords. Doesn't ssh access login(1)
> > in this case?
> sshd does not use login unless requested to do so by the UseLogin config
> parameter.

Yessss, that was it.

> There have been security vulnerabilities exposed by using this option in
> the past.  You have been warned :)

So we need an additional pam module for such policy
settings. That's reasonable.

Many thanks.

Farid Hajji. http://www.farid-hajji.net/address.html 

More information about the freebsd-current mailing list