Feature disappeared?

Gert Doering gert at greenie.muc.de
Mon Oct 30 22:43:54 EST 2000


Hi,

On Mon, Oct 30, 2000 at 01:39:39PM +0200, Pekka Savola wrote:
> > > 'IgnoreRhosts yes' will ignore .shosts files too.
> > 
> > Umm, yes, but that's something else.  AllowSHosts permits .shosts files on
> > a per-host basis, so I can say "for *.mydomain.de, .shosts is ok, for
> > everybody else, it's not ok".
> 
> Well, I'd care to wager the feature disappeared to the same hole as
> AllowHosts did too.  Certainly intentional.

Well, dropping AllowHosts doesn't mean dropping functionality (because it
can be done via TCP wrappers).  

Dropping AllowSHosts means "I can't do that anymore", which should have
security reasons, which I don't see any right now...

> I nagged about AllowHosts _a lot_ but eventually patched TCP Wrappers so
> that it can take more complex host definitions too (like *isdn1*.isp.com).

What's your gripe with AllowHosts?

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert.doering at physik.tu-muenchen.de





More information about the openssh-unix-dev mailing list