Re: HEADS UP!! S/Key is ancient, OPIE is new
> Why? Better way will be rewritting ports to use good-new OPIE. > wi-ftpd already have OPIE hooks, but I not sure they works. Popper needs > modifications. Doesn't know, if other ports using Skey exists. I can do base software, but I haven't time to fill all ports. M -- Mark Murray Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: HEADS UP!! S/Key is ancient, OPIE is new
Sudo also has a --with-opie option in configure. I don't remember why it isn't in the standard sudo port tho. Michael On Fri, Jun 22, 2001 at 01:14:41AM -0700, Gregory Neil Shapiro wrote: > ache> wi-ftpd already have OPIE hooks, but I not sure they works. Popper needs > ache> modifications. Doesn't know, if other ports using Skey exists. > > security/sudo uses it: > > > sudo ldd /usr/local/bin/sudo > Password [ s/key 135 ho9319 ]: > /usr/local/bin/sudo: > libmd.so.2 => /usr/lib/libmd.so.2 (0x28077000) > libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x2808) > libutil.so.3 => /usr/lib/libutil.so.3 (0x28095000) > libskey.so.2 => /usr/lib/libskey.so.2 (0x2809e000) > libc.so.4 => /usr/lib/libc.so.4 (0x280a5000) > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-current" in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: HEADS UP!! S/Key is ancient, OPIE is new
ache> wi-ftpd already have OPIE hooks, but I not sure they works. Popper needs ache> modifications. Doesn't know, if other ports using Skey exists. security/sudo uses it: > sudo ldd /usr/local/bin/sudo Password [ s/key 135 ho9319 ]: /usr/local/bin/sudo: libmd.so.2 => /usr/lib/libmd.so.2 (0x28077000) libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x2808) libutil.so.3 => /usr/lib/libutil.so.3 (0x28095000) libskey.so.2 => /usr/lib/libskey.so.2 (0x2809e000) libc.so.4 => /usr/lib/libc.so.4 (0x280a5000) To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: HEADS UP!! S/Key is ancient, OPIE is new
On Thu, Jun 21, 2001 at 11:52:52AM +0200, Dag-Erling Smorgrav wrote: > Mark Murray <[EMAIL PROTECTED]> writes: > > I want to remove S/Key from CURRENT completely, and replace it > > with OPIE where necessary. > > How will this affect OpenSSH's SKeyAuthentication option, which is > required for certain types of token-based authentication (like > CryptoCard)? It already uses OPIE; AFAIK OpenBSD decided to call OPIE S/Key when they imported it to replace their old S/Key. Kris To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: HEADS UP!! S/Key is ancient, OPIE is new
On Thu, Jun 21, 2001 at 10:13:06PM +0400, Andrey A. Chernov wrote: > On Thu, Jun 21, 2001 at 08:07:51 +0200, Mark Murray wrote: > > > On Wed, Jun 20, 2001 at 21:03:21 +0200, Mark Murray wrote: > > > > I want to remove S/Key from CURRENT completely, and replace it > > > > with OPIE where necessary. For the most part, this means just > > > > using PAM, but in one-or-two places, it may still be necessary > > > > to use it directly (like temporarily in ftpd). > > > > > > Please don't forget to fix ports which use system Skey too, like wu-ftpd > > > and popper. > > > > Good move. I think we need to make S/Key into a port for this. > > Why? Better way will be rewritting ports to use good-new OPIE. > wi-ftpd already have OPIE hooks, but I not sure they works. Popper needs > modifications. Doesn't know, if other ports using Skey exists. I think it's pretty trivial to convert things from S/Key to OPIE. Kris To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: HEADS UP!! S/Key is ancient, OPIE is new
On Thu, Jun 21, 2001 at 08:07:51 +0200, Mark Murray wrote: > > On Wed, Jun 20, 2001 at 21:03:21 +0200, Mark Murray wrote: > > > I want to remove S/Key from CURRENT completely, and replace it > > > with OPIE where necessary. For the most part, this means just > > > using PAM, but in one-or-two places, it may still be necessary > > > to use it directly (like temporarily in ftpd). > > > > Please don't forget to fix ports which use system Skey too, like wu-ftpd > > and popper. > > Good move. I think we need to make S/Key into a port for this. Why? Better way will be rewritting ports to use good-new OPIE. wi-ftpd already have OPIE hooks, but I not sure they works. Popper needs modifications. Doesn't know, if other ports using Skey exists. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: HEADS UP!! S/Key is ancient, OPIE is new
Mark Murray <[EMAIL PROTECTED]> writes: > I want to remove S/Key from CURRENT completely, and replace it > with OPIE where necessary. How will this affect OpenSSH's SKeyAuthentication option, which is required for certain types of token-based authentication (like CryptoCard)? DES -- Dag-Erling Smorgrav - [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: HEADS UP!! S/Key is ancient, OPIE is new
> > Please note that I'll start committing this in a few days unless > > I get valid objections. > > S/Key is documented in the Handbook, OPIE isn't. Any chance you could > rectify this before surgery? Sure! M -- Mark Murray Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: HEADS UP!! S/Key is ancient, OPIE is new
> On Wed, Jun 20, 2001 at 21:03:21 +0200, Mark Murray wrote: > > I want to remove S/Key from CURRENT completely, and replace it > > with OPIE where necessary. For the most part, this means just > > using PAM, but in one-or-two places, it may still be necessary > > to use it directly (like temporarily in ftpd). > > Please don't forget to fix ports which use system Skey too, like wu-ftpd > and popper. Good move. I think we need to make S/Key into a port for this. M -- Mark Murray Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: HEADS UP!! S/Key is ancient, OPIE is new
On Wed, Jun 20, 2001 at 09:03:21PM +0200, Mark Murray wrote: > S/Key is old and decrepit; OPIE has taken over from it just about > completely except in FreeBSD; I intend to fix this. > > I want to remove S/Key from CURRENT completely, and replace it > with OPIE where necessary. For the most part, this means just > using PAM, but in one-or-two places, it may still be necessary > to use it directly (like temporarily in ftpd). > > OPIE has been in the sytem for a couple of years; S/Key's removal > was never complete. > > Please note that I'll start committing this in a few days unless > I get valid objections. S/Key is documented in the Handbook, OPIE isn't. Any chance you could rectify this before surgery? N -- FreeBSD: The Power to Serve http://www.freebsd.org/ FreeBSD Documentation Project http://www.freebsd.org/docproj/ --- 15B8 3FFC DDB4 34B0 AA5F 94B7 93A8 0764 2C37 E375 --- PGP signature
Re: HEADS UP!! S/Key is ancient, OPIE is new
On Wed, Jun 20, 2001 at 21:03:21 +0200, Mark Murray wrote: > I want to remove S/Key from CURRENT completely, and replace it > with OPIE where necessary. For the most part, this means just > using PAM, but in one-or-two places, it may still be necessary > to use it directly (like temporarily in ftpd). Please don't forget to fix ports which use system Skey too, like wu-ftpd and popper. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
