Date: Tue, 26 Jan 1999 11:33:14 -0800 From: Aleph One <aleph1@UNDERGROUND.ORG> Subject: Administrivia To: BUGTRAQ@NETSPACE.ORG --MW5yreqqjyrRcusr Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable As you might have noticed, the signature of some PGP signed messages sent to the list do not verify correctly, as was the case yesterday with Wietse's email. Sometimes the signatures verify just fine. This was the result of LISTSERV performing tabs expansion on messages, a legacy of its mainframe roots (know of many mailing list management software that performs ASCII to EBCDIC translation?). I've turned this feature off. If all goes well this message with tabs will have a valid=20 signature. I am killing the SSH thread unless someone has anything new to add. It simply comes down to the fact that SSH, like all other services,=20 must check all available authorization policies before providing its service. But the large set of possible restrictions implemented by different unix flavors (account expiration, password expiration, time of day, source location, load, etc) almost assure that it will miss some of them. This is something that PAM can alleviate, as ideally all=20 possible authorization policies could be implemented via PAM modules, regardless of the service itself. Another solution is the use of one of the available authorization servers (like the HP Presidum). --=20 Aleph One / aleph1@underground.org http://underground.org/ KeyID 1024/948FD6B5=20 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01=20 --MW5yreqqjyrRcusr Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use MessageID: SzIIpkflPSYInfet4ew+lomFDtAmFF0t iQCVAwUBNq4KaKIpBheUj9a1AQGelAP7BZ1+dMOacbnZoV0jXFWCX6DL4uADqRDw TxBhr3M6VfHoLgzexlHPTC58OpMHO6XnXaeK+WJeuQQAK/zPrKX9EQ533yur1YD+ VDwlkODy7ft1WssRMI3ZZk3cM9XsyNHeAuC7pEEoSj7SghzQKkykbfyB5iwPqbPo cCfvwVJtRAA= =53dr -----END PGP SIGNATURE----- --MW5yreqqjyrRcusr--