deprecate VerifyReverseMapping since it's dangerous if combined

with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@
author: markus <markus@openbsd.org> 2003-06-02 09:17:34 +0000
committer: markus <markus@openbsd.org> 2003-06-02 09:17:34 +0000
commit: 6338240c9e24d276ac80005155d820d869a3d411 (patch)
tree: bff80261da1a770c54b0fdc90187b4406111964d /usr.bin/ssh/auth.c
parent: Need snprintf here. (diff)
download: wireguard-openbsd-6338240c9e24d276ac80005155d820d869a3d411.tar.xz
wireguard-openbsd-6338240c9e24d276ac80005155d820d869a3d411.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c
index c58c6834b15..89882c56b5e 100644
--- a/usr.bin/ssh/auth.c
+++ b/usr.bin/ssh/auth.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.47 2003/04/08 20:21:28 itojun Exp $");
+RCSID("$OpenBSD: auth.c,v 1.48 2003/06/02 09:17:34 markus Exp $");
 
 #include <libgen.h>
 
@@ -91,7 +91,7 @@ allowed_user(struct passwd * pw)
 	}
 
 	if (options.num_deny_users > 0 || options.num_allow_users > 0) {
-		hostname = get_canonical_hostname(options.verify_reverse_mapping);
+		hostname = get_canonical_hostname(options.use_dns);
 		ipaddr = get_remote_ipaddr();
 	}
author	markus <markus@openbsd.org>	2003-06-02 09:17:34 +0000
committer	markus <markus@openbsd.org>	2003-06-02 09:17:34 +0000
commit	6338240c9e24d276ac80005155d820d869a3d411 (patch)
tree	bff80261da1a770c54b0fdc90187b4406111964d /usr.bin/ssh/auth.c
parent	Need snprintf here. (diff)
download	wireguard-openbsd-6338240c9e24d276ac80005155d820d869a3d411.tar.xz wireguard-openbsd-6338240c9e24d276ac80005155d820d869a3d411.zip