https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
Xin LI changed:
What|Removed |Added
CC||delp...@freebsd.org
Resolution|--
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
vladimirt...@yandex.ru changed:
What|Removed |Added
CC||vladimirt...@yandex.ru
---
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
--- Comment #16 from Victor Sudakov ---
(In reply to Dag-Erling Smørgrav from comment #15)
> But it is very weak, and I doubt there are many people still using it.
OPIE being the only OTP solution not depending on a third-party hardware ga
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
--- Comment #15 from Dag-Erling Smørgrav ---
(In reply to Victor Sudakov from comment #14)
> Isn't it configured as "sufficient" in the stock /etc/pam.d/sshd ?
Yes, for historical reasons: it was considered an adequate single factor 20+
ye
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
--- Comment #14 from Victor Sudakov ---
(In reply to Dag-Erling Smørgrav from comment #13)
> If you've been using OPIE as your only password, which you shouldn't
Who says I shouldn't? Isn't it configured as "sufficient" in the stock
/etc/p
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
--- Comment #13 from Dag-Erling Smørgrav ---
The OATH HOTP / TOTP algorithm is stronger than OPIE. If you've been using OPIE
as your only password, which you shouldn't, you'll be no worse off using OATH
instead. But I would urge you to also
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
--- Comment #11 from Victor Sudakov ---
(In reply to Dag-Erling Smørgrav from comment #10)
> Build-time, perhaps. Its only run-time dependency is libqrencode.
png also
--- Comment #12 from Victor Sudakov ---
(In reply to Dag-Erling Smørg
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
--- Comment #11 from Victor Sudakov ---
(In reply to Dag-Erling Smørgrav from comment #10)
> Build-time, perhaps. Its only run-time dependency is libqrencode.
png also
--
You are receiving this mail because:
You are the assignee for the
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
--- Comment #10 from Dag-Erling Smørgrav ---
Build-time, perhaps. Its only run-time dependency is libqrencode.
--
You are receiving this mail because:
You are the assignee for the bug.
___
freeb
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
--- Comment #9 from Victor Sudakov ---
(In reply to Dag-Erling Smørgrav from comment #8)
> you can use the security/pam_google_authenticator port
It turns out that this port has many dependencies (python and friends) which I
find annoying.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
--- Comment #8 from Dag-Erling Smørgrav ---
Google Authenticator is not tied to Google. It is an open standard called OATH
(RFC 4226 and 6238). It is commonly referred to as Google Authenticator
because they were the among the first to us
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
--- Comment #7 from Victor Sudakov ---
(In reply to Dag-Erling Smørgrav from comment #6)
> No, but you'll have something that's actually secure.
If I understand correctly, one depends on some Google app for smartphone, and
the other on som
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
--- Comment #6 from Dag-Erling Smørgrav ---
(In reply to Victor Sudakov from comment #5)
> Are they integrated into FreeBSD or do you recommend integrating them?
They're in ports.
> Suppose we switch to them, shall I still be able to use
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
--- Comment #5 from Victor Sudakov ---
(In reply to Dag-Erling Smørgrav from comment #4)
> I would recommend using Google Authenticator or Yubikey / U2F instead.
Are they integrated into FreeBSD or do you recommend integrating them?
Supp
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
--- Comment #4 from Dag-Erling Smørgrav ---
OPIE is not quite up to 2019 standards of security or usability. I would
recommend using Google Authenticator or Yubikey / U2F instead.
--
You are receiving this mail because:
You are the assig
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
Bjoern A. Zeeb changed:
What|Removed |Added
CC||b...@freebsd.org,
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
--- Comment #2 from Victor Sudakov ---
How can I up this one? It's really annoying not to be able to skip one-time
passwords when logging in from a trusted IPv6-only host.
--
You are receiving this mail because:
You are the assignee for t
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
Victor Sudakov changed:
What|Removed |Added
Keywords||ipv6
--
You are receiving this m
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
--- Comment #1 from Victor Sudakov ---
If someone provided me with an example how to add an IPv6 line to
/etc/opieaccess, I would be happy to test if IPv6 support is working.
I don't know however how to present an IPv6 network(s) in the "
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
Kubilay Kocak changed:
What|Removed |Added
Status|New |Open
Keywords|
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
Bug ID: 237270
Summary: pam_opieaccess does not support IPv6, or documentation
is lacking
Product: Base System
Version: 11.2-RELEASE
Hardware: Any
OS:
21 matches
Mail list logo
