From owner-freebsd-security Wed Jun 26 4:35:32 2002 Delivered-To: freebsd-security@freebsd.org Received: from noe.warszawa.mtl.pl (noe.warszawa.multinet.pl [213.241.3.26]) by hub.freebsd.org (Postfix) with ESMTP id 3916237B407 for ; Wed, 26 Jun 2002 04:35:27 -0700 (PDT) Received: by noe.warszawa.mtl.pl (Postfix, from userid 1007) id 5CBD27DF5C; Wed, 26 Jun 2002 13:35:36 +0200 (CEST) Received: from cerint.pl (white.cerint.pl [62.244.134.171]) by arka.warszawa.mtl.pl (Postfix) with ESMTP id E0097EA794; Wed, 26 Jun 2002 13:35:34 +0200 (CEST) Message-ID: <3D19A714.6000408@cerint.pl> Date: Wed, 26 Jun 2002 13:35:48 +0200 From: Marcin Gryszkalis Organization: Cerint Technology Group User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1a) Gecko/20020619 X-Accept-Language: en-us, en, pl MIME-Version: 1.0 To: Chris Johnson Cc: security@FreeBSD.ORG Subject: Re: openssh-portable and s/key passwords References: <20020625133550.GB57228@palomine.net> <20020625155554.GA12933@beta.mwcis.com> <3D192BE8.99609932@pantherdragon.org> <20020626025829.GA68663@palomine.net> Content-Type: text/plain; charset=ISO-8859-2; format=flowed Content-Transfer-Encoding: 7bit X-AntiVirus: Poczta jest monitorowana oprogramowaniem antywirusowym. Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Chris Johnson wrote: > Can anyone confirm that s/key does indeed work with openssh-portable? Is there > a PAM issue? I'm not sure if it's relevant to FreeBSD but debian advisory http://www.debian.org/security/2002/dsa-134 says: * keyboard interactive authentication does not work with privilege seperation. Most noticable for Debian users this breaks PAM modules which need a PAM conversation function (like the OPIE module). -- Marcin Gryszkalis or To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message