Date: Sat, 19 Jan 2002 17:03:09 +0300 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Kris Kennaway <kris@obsecurity.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libpam/modules/pam_opie pam_opie.c Message-ID: <20020119140308.GA9574@nagual.pp.ru> In-Reply-To: <20020119134810.GB9275@nagual.pp.ru> References: <200201191009.g0JA95b91076@freefall.freebsd.org> <20020119042808.A67985@xor.obsecurity.org> <20020119123903.GA8776@nagual.pp.ru> <20020119124322.GB8776@nagual.pp.ru> <20020119053506.A77530@xor.obsecurity.org> <20020119134810.GB9275@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--7JfCtLOvnd9MIVvH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Jan 19, 2002 at 16:48:10 +0300, Andrey A. Chernov wrote: > nobody comes with re-implementation, it is removed because cause problems. Problems are: 1) User confusion. Example: Imagine that you have insecure host and want to enter 'su'. You can configure it to use OPIE. And afterwards not only you will see its prompt, but all other users, not OPIE-enabled, will see fake promts too, constantly asking questions to admin. 2) Automatic tasks protocol confusion. Example: Imagine that you have script which enters FTP, confirming=20 user/password, in the send/expect form. If you ever enable OPIE for _one_= =20 ftp user in your system, the script stops to work due to unknown FTP=20 response. 3) False sense that OPIE is alive. Example: Imagine that filesystem error remove some OPIE-critical file. And= =20 very-very long time users will try to enter the system answering on fake=20 prompts instead of reporting its admin immediately. All of this so obvious so I wonder what ever discussion can happens here. --=20 Andrey A. Chernov http://ache.pp.ru/ --7JfCtLOvnd9MIVvH Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia iQCVAwUBPEl8nOJgpPLZnQjrAQFI9QQArYEWZHbtXZhDyF8ywRZ4XvXJb4C49r6Y 5SAODxpI/0TuQNuoPvQgn4BeLjof/6eAzW2EDwOFTiF8rJ/qgzX59WVTPFaLngSx sd+NeuR0TDo1qAhXQt7R6lzvGGrqRU3VAxhongowrYOlLrbQZmwvUxBLNYX4I+ic Y9ueK3Fa4f8= =snp+ -----END PGP SIGNATURE----- --7JfCtLOvnd9MIVvH-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020119140308.GA9574>