Date: Sat, 19 Jan 2002 21:59:07 +0300
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Mark Murray <mark@grondar.za>
Cc: Dag-Erling Smorgrav <des@ofug.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: How OPIE works or explanations from google
Message-ID: <20020119185905.GD12683@nagual.pp.ru>
In-Reply-To: <200201191838.g0JIcct23386@grimreaper.grondar.org>
References: <20020119182627.GN11604@nagual.pp.ru> <200201191838.g0JIcct23386@grimreaper.grondar.org>
How unhacked non-PAM standalone OPIE works:

1) If OPIE user exists, its remote host is checked against /etc/opieaccess via opieaccessfile()
2) If remote host is found there, user home dir is checked for opiealways file.
3) If no such file, it is assumed that OPIE user MAY authenticate with plaintext password additionally to OPIE exchange.

In all other cases OPIE user is not able to authenticate with plaintext (Unix) password.

How hacked PAM OPIE recently working:

OPIE user can ALWAYS authenticate with plaintext (Unix) password.

This is security lowering. I fix this.

WHAT IS UNCLEAR?

--
Andrey A. Chernov
http://ache.pp.ru/
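The three-step rule in the message above, modelled in C next to the unconditional behaviour it objects to. This is an added example, not code from the message, from FreeBSD or from OPIE. It covers only a user who has an OPIE entry; the address/mask rule layout, the function names and the sample addresses are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for one /etc/opieaccess entry: address plus netmask. */
struct access_rule { const char *addr; const char *mask; };
static const struct access_rule SAMPLE_RULES[] = { { "192.0.2.0", "255.255.255.0" } };

/* Parse a dotted-quad IPv4 string; returns 0 on success, -1 on malformed input. */
static int parse_ipv4(const char *s, uint32_t *out)
{
    unsigned a, b, c, d;
    char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4)
        return -1;
    if (a > 255 || b > 255 || c > 255 || d > 255)
        return -1;
    *out = ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
    return 0;
}

/* Step 1: is the remote host covered by an entry? Malformed input never matches. */
static int host_listed(const char *host, const struct access_rule *r, size_t n)
{
    uint32_t h, a, m;
    if (parse_ipv4(host, &h) != 0)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (parse_ipv4(r[i].addr, &a) == 0 && parse_ipv4(r[i].mask, &m) == 0 &&
            (h & m) == (a & m))
            return 1;
    return 0;
}

/* Steps 2-3: plaintext is allowed only if the host is listed AND no opiealways file. */
int standalone_plaintext_ok(const char *host, const struct access_rule *r, size_t n,
                            int has_opiealways)
{
    return host_listed(host, r, n) && !has_opiealways;
}

/* The PAM behaviour the message objects to: plaintext accepted unconditionally. */
int pam_plaintext_ok(void) { return 1; }

int main(void)
{
    printf("listed host, opiealways set: standalone=%d pam=%d\n",
           standalone_plaintext_ok("192.0.2.17", SAMPLE_RULES, 1, 1), pam_plaintext_ok());
    return 0;
}
```

The two functions disagree in every case except a listed host with no opiealways file, which is the gap the message describes.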