carson at taltos.org
Thu Feb 6 10:47:39 EST 2003
--On Wednesday, February 05, 2003 5:03 PM -0600 Ben Lindstrom
<mouring at etoh.eviladmin.org> wrote:
> I think we need to discuss the usage of it before jumping the gun and
> changing it.
> WHY do do you have 256 AllowUser? Is it a case where you would be better
> off with 20 DenyUser lines?
> I'd rather see the code (which I think would not be too much of a problem)
> be dynamically allocated if it really needs to be upped, but I think we
> are running into the case of abuse of a feature without understanding it.
DenyUser is almost always a bad idea. Explicit permits are much better than
denies - denies fail to take account of new users, and fail open, rather
than fail closed.
More information about the openssh-unix-dev