Date: 21 Jan 2002 13:54:29 +0100 From: Dag-Erling Smorgrav <des@ofug.org> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: Mark Murray <mark@grondar.za>, current@FreeBSD.ORG Subject: Re: Step5, pam_opie OPIE auth fix for review Message-ID: <xzp8zarzwxm.fsf@flood.ping.uio.no> In-Reply-To: <20020121025009.GA30673@nagual.pp.ru> References: <20020120220254.GA25886@nagual.pp.ru> <200201202314.g0KNEDt34526@grimreaper.grondar.org> <20020120233050.GA26913@nagual.pp.ru> <xzpvgdw1sqp.fsf@flood.ping.uio.no> <20020121000446.GB27206@nagual.pp.ru> <xzpn0z81rrr.fsf@flood.ping.uio.no> <20020121002557.GB27831@nagual.pp.ru> <xzpelkk1qnb.fsf@flood.ping.uio.no> <20020121004906.GA28231@nagual.pp.ru> <xzp665w1otd.fsf@flood.ping.uio.no> <20020121025009.GA30673@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
"Andrey A. Chernov" <ache@nagual.pp.ru> writes: > 1) When OPIE turned on in the system, not neccessary all users are > OPIE-ed, only those who listed in /etc/opiekeys. It means that > pam_opieaccess() module must do something only for valid OPIE users > listed in /etc/opiekeys and do nothing for others. I use opiechallenge() > check for it, and if it fails, return PAM_IGNORE. Umm, you can't use opiechallenge() for that. You're not supposed to call opiechallenge() without also calling opieverify() (plus, I think opiechallenge() "consumes" a challenge). Use opielookup() instead. > 2) opiealways() return just opposite to what you might expect, see > /usr/src/contrib/opie/libopie/accessfile.c comment about it. Fixed by > removing "!" Right, thanks. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzp8zarzwxm.fsf>