I'd like to switch my Debian-based file server to FreeBSD but this issue on s/key is annoying.
Any comments are welcome. Thanks Dany
Dany wrote:
In order to allow my user to login using his regular Unix password I had to remove the file /etc/opiekeys
I've tried the same opiepasswd thing on a Debian box and when the s/key expired (sequence # = 0), I just pressed enter in order to get the Password prompt for the Unix password.
Just for information, here is my /etc/pam.d/login (stock from 5.2R install):
auth required pam_nologin.so no_warn
auth sufficient pam_self.so no_warn
auth include system
account requisite pam_securetty.so
account include system
session include system
password include system
How did I get the OPIE running in the first place without any modification of this file ?
On the Debian one I had to add "auth sufficient pam_opie.so" and "auth required pam_deny.so".
Dany
Dany wrote:
Playing around with OPIE I used the following command on a 5.2R (hopefully I still have my root working) :
1) from the user account :
#opiepasswd -c -n 2
I put 2 for the initial sequence number just to see what would happen to the user when he reaches 0
Entered my passphrase, got the seed and got the first response.
2) I didn't touch the /etc/pam.d/login but noticed that it didn't contain any reference to opie (/etc/pam.d/ssh does have some).
3) After exiting the current session, I got :
login : alpha
otp-md5 2 he201
Password:
I think I tried my regular Unix password first and it worked. I logged out and this time I used the response computed by my external s/key calculator. It worked well and I was logged in... nice !
4) So I repeated that process until I reached 0.
5) Now this is what I get :
login: alpha
otp-md5 -1 (null) ext
Password:
I know my s/key password has expired so I put in my Unix password and received a nice :
FreeBSD/i386 (local) (ttyv0)
login: Jan 19 22:08:25 local kernel: pid 613 (login), uid 0:exited on signal 11 (core dumped)
6) I thought it was some kind of security mechanism so I logged back on my root account.
7) Trying to disable OPIE login for alpha using the following command :
#opiepasswd -d alpha
Updating alpha:
Segmentation fault (core dumped)
local# Jan 19 22:10:06 local kernel: pid 627 (opiepasswd), uid 0: exited on signal 11 (core dumped)
I also tried opiepasswd -c alpha to recreate OPIE keys for alpha but I received the same segmentation fault.
a) how did OPIE work in the first place with no mention of it in /etc/pam.d/login ?
b) why do I get a segmentation fault ?
Thanks Dany
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
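
Added example, not part of the original thread: question (a) depends on which modules the `auth include system` line in /etc/pam.d/login pulls in. This Python sketch expands `include` lines to list the effective stack for one facility; the contents of the `system` file are constructed for illustration (the thread does not show that file), and the function names are hypothetical.

```python
# Constructed sample files. "login" is the file quoted in the thread; "system"
# is an assumed stand-in for /etc/pam.d/system, which the thread does not show.
SAMPLE = {
    "login": """\
auth required pam_nologin.so no_warn
auth sufficient pam_self.so no_warn
auth include system
account requisite pam_securetty.so
account include system
session include system
password include system
""",
    "system": """\
auth sufficient pam_opie.so no_warn
auth required pam_unix.so no_warn try_first_pass
account required pam_unix.so
session required pam_lastlog.so no_fail
password required pam_unix.so no_warn try_first_pass
""",
}


def effective_stack(service, facility, files, _seen=()):
    """Expand `include` lines; return [(origin_file, control, module, args)].

    Handles the simple "facility control module [args]" form only.
    """
    if service in _seen:
        raise ValueError("include loop: " + " -> ".join(_seen + (service,)))
    if service not in files:
        raise KeyError("no policy file for service %r" % service)
    stack = []
    for raw in files[service].splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(fields) < 3 or fields[0] != facility:
            continue
        control, target, args = fields[1], fields[2], fields[3:]
        if control == "include":
            stack += effective_stack(target, facility, files, _seen + (service,))
        else:
            stack.append((service, control, target, args))
    return stack


def modules_from_includes(service, facility, files):
    """Modules that run for `service` but are not named in its own file."""
    return [m for origin, _, m, _ in effective_stack(service, facility, files)
            if origin != service]
```

To audit a real host, build the `files` mapping by reading each file under /etc/pam.d into a dict keyed by file name.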