Партнёры:
Хостинг:
/etc/opieaccess - OPIE database of trusted networks
The entire notion of trust implemented in the opieaccess file is a major security hole because it opens your system back up to the same passive attacks that the OPIE system is designed to protect you against. The opieaccess support in this version of OPIE exists solely because we believe that it is better to have it so that users who don't want their accounts broken into can use OPIE than to have them prevented from doing so by users who don't want to use OPIE. In any environment, it should be considered a transition tool and not a permanent fixture. When it is not being used as a transition tool, a version of OPIE that has been built without support for the opieaccess file should be built to prevent the possibility of an attacker using this file as a means to circumvent the OPIE software.
The opieaccess file consists of lines containing three fields separated by spaces (tabs are properly interpreted, but spaces should be used instead) as follows:
Field Description action "permit" or "deny" non-OPIE logins address Address of the network to match mask Mask of the network to match
Subnets can be controlled by using the appropriate address and mask. Individual hosts can be controlled by using the appropriate address and a mask of 255.255.255.255. If no rules are matched, the default is to deny non-OPIE logins.
S/Key is a trademark of Bell Communications Research (Bellcore).
skey-users-request@thumper.bellcore.com
|
Закладки на сайте Проследить за страницей |
Created 1996-2024 by Maxim Chirkov Добавить, Поддержать, Вебмастеру |