From owner-freebsd-security  Fri Oct  9 20:32:28 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id UAA27098
          for freebsd-security-outgoing; Fri, 9 Oct 1998 20:32:28 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from peak.mountin.net (peak.mountin.net [207.227.119.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA27058
          for <freebsd-security@FreeBSD.ORG>; Fri, 9 Oct 1998 20:32:14 -0700 (PDT)
          (envelope-from jeff-ml@mountin.net)
Received: (from daemon@localhost)
	by peak.mountin.net (8.9.1/8.9.1) id WAA07134;
	Fri, 9 Oct 1998 22:32:09 -0500 (CDT)
Received: from aridius-44.isdn.mke.execpc.com(169.207.66.171) by peak.mountin.net via smap (V1.3)
	id sma007132; Fri Oct  9 22:32:08 1998
Message-Id: <3.0.3.32.19981009222114.007449dc@207.227.119.2>
X-Sender: jeff-ml@207.227.119.2
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32)
Date: Fri, 09 Oct 1998 22:21:14 -0500
To: Brandon Huey <bh@synergy.transbay.net>
From: "Jeffrey J. Mountin" <jeff-ml@mountin.net>
Subject: RE: fwtk and skey authorization (+ssh)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <Pine.BSF.3.96.981009133426.22833A-100000@synergy.transbay.
 net>
References: <l03110708b2441198068e@[192.168.6.3]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 01:35 PM 10/9/98 -0700, Brandon Huey wrote:
> 
>on a related note, i recently discovered an s/key patched ssh and it's
>working great.
> 
>you can find it at: http://www.lackluster.net/~scott/ssh_skey.html

Rather neat, but is it doing the OTP over an encrypted tunnel ie first you
enter your private key password, then it prompts for a SKey password on the
server.  Or is this just so that you can use either RSA or SKey OTP
authentication?

Now if there was something to make it optional for POP, rather than
mandatory.  If you compile popper on a clean install, once you add a
/etc/skey.access file and do not wish to use SKey, the access file need a
permit.  Would be better to use a 2nd access file, especially if you use an
alternate passwd file.

Just commenting, since it not extremely important in my case, which is why
I haven't looked into it much. 8-)


Jeff Mountin - Unix Systems TCP/IP networking
jeff@mountin.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message