Date:      Sat, 19 Jan 2002 15:43:22 +0300
From:      "Andrey A. Chernov" <ache@nagual.pp.ru>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/lib/libpam/modules/pam_opie pam_opie.c
Message-ID:  <20020119124322.GB8776@nagual.pp.ru>
In-Reply-To: <20020119123903.GA8776@nagual.pp.ru>
References:  <200201191009.g0JA95b91076@freefall.freebsd.org> <20020119042808.A67985@xor.obsecurity.org> <20020119123903.GA8776@nagual.pp.ru>


On Sat, Jan 19, 2002 at 15:39:03 +0300, Andrey A. Chernov wrote:
> On Sat, Jan 19, 2002 at 04:28:10 -0800, Kris Kennaway wrote:
> > On Sat, Jan 19, 2002 at 02:09:05AM -0800, Andrey A. Chernov wrote:
> > > ache        2002/01/19 02:09:05 PST
> > >
> > >   Modified files:
> > >     lib/libpam/modules/pam_opie pam_opie.c
> > >   Log:
> > >   If the user does not exist in the OPIE system, return failure immediately
> > >   instead of producing fake prompts with random numbers which can be detected
> > >   by a potential intruder in two tries and totally confuse non-OPIE users.
> >
> > Wait a minute..was this discussed anywhere?
>
> We already lived with this "change" for several years when S/Key was here
> and nobody complained. This is not a change, this is a return to the old way
> as it must be.
>
> This change has nothing in common with security, it just eliminates obscurity.

And what really must be discussed is the complete list of incompatibilities
brought by the S/Key -> OPIE switch, not due to OPIE's new way of doing things
but due to oversights or misinterpretations of how it must be configured. And
it was not discussed. And I am the only one who tries to bring OPIE into good
old S/Key shape.


-- 
Andrey A. Chernov
http://ache.pp.ru/

