>Any qualms about adding that 'unsecure' option to the code, or is NetBSD
>trying to stay as BSD 4.4'ish as possible?

Yes, but they have nothing to do with wanting to be like 4.4.  8-)

I think that the slow growth of the number of options a program takes
is a _bad_ thing.  (do you know how many options cat(1) has these
days?  know how many it had in V7?  etc.)  I think that if there's
reason enough to add the flag, in this case, that behaviour should be
made the default.

I'm going to try to find out tomorrow _exactly_ why it was done this
way, and then figure out what should be done about it.  it makes me
wonder: normally pty's are insecure, and would disallow root logins.
should they be allowed for rlogins?  how do you disallow them?  (i'm
not sure that it would happen automatically w/ no changes to the code
that's already there...)

On a slightly different subject, I think that the logging behaviour
should be made consistent with rshd: namely, add a flag that causes
notice of all rlogins to be given, and implement a policy consistent
to rshd's about logging root rlogins, if they're allowed.



chris