Date: Sat, 04 Aug 2001 15:06:05 +0100 From: Mark Murray <mark@grondar.za> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libopie Makefile Message-ID: <200108041406.f74E67r12793@grimreaper.grondar.za> In-Reply-To: <20010803202823.A15671@nagual.pp.ru> ; from "Andrey A. Chernov" <ache@nagual.pp.ru> "Fri, 03 Aug 2001 20:28:23 %2B0400." References: <20010803202823.A15671@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
> > Do a "man opieaccess" and you will see that it _is_ insecure, and is > > meant as a temporary feature for migration purposes only, and is NOT > > meant for permanent installation. > > Practical reason behind of it was: > various sorts of tunneling (FTP via SSH f.e.) can't be enabled, if local > host addresses (excepting localhost) was not added to /etc/opieaccess I didn't have a problem enabling this? If you are talking about opiekey(1) or any other OPIE key calculator, you need to be running that on the client machine. > > Read the man page. > > Of course, I already read it, but disagree. My point is that OPIE must > either: > > a) Detect SSH connection present (which _is_ secure). > b) Relax its insecure restrictions. Then please submit these proposals to -security, and lets discuss them. > Otherwise it is not possible to use OPIE in SSH connections which are more > common nowdays than ever telnet connections. I've never had a problem with this. M -- Mark Murray Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108041406.f74E67r12793>