diff options
author | Damien Miller <djm@mindrot.org> | 2003-06-03 10:25:48 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2003-06-03 10:25:48 +1000 |
commit | 3a961dc0d36c1f87788b707130f6d07709822d38 (patch) | |
tree | 57f3a729408e4cbe08fa7f9699de2e583e0b2ca0 /auth-pam.c | |
parent | 35276253a60a3e57ec21b82b2e3c81e03c0206de (diff) |
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/06/02 09:17:34
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
[sshd_config.5]
deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@
- (djm) Fix portable-specific uses of verify_reverse_mapping too
Diffstat (limited to 'auth-pam.c')
-rw-r--r-- | auth-pam.c | 5 |
1 files changed, 2 insertions, 3 deletions
@@ -31,7 +31,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.63 2003/06/02 01:04:39 djm Exp $"); +RCSID("$Id: auth-pam.c,v 1.64 2003/06/03 00:25:48 djm Exp $"); #ifdef USE_PAM #include <security/pam_appl.h> @@ -299,8 +299,7 @@ sshpam_init(const char *user) sshpam_handle = NULL; return (-1); } - pam_rhost = get_remote_name_or_ip(utmp_len, - options.verify_reverse_mapping); + pam_rhost = get_remote_name_or_ip(utmp_len, options.use_dns); debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost); sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost); if (sshpam_err != PAM_SUCCESS) { |