Date:      Sat, 19 Jan 2002 08:26:06 -0500
From:      Jim Bloom <bloom@acm.org>
To:        "Andrey A. Chernov" <ache@nagual.pp.ru>
Cc:        Kris Kennaway <kris@obsecurity.org>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject:   Re: cvs commit: src/lib/libpam/modules/pam_opie pam_opie.c
Message-ID:  <3C4973ED.D048EB70@acm.org>
References:  <200201191009.g0JA95b91076@freefall.freebsd.org> <20020119042808.A67985@xor.obsecurity.org> <20020119123903.GA8776@nagual.pp.ru>

That was not the case with S/Key under PAM.  When I created pam_opie.c, it
behaved identically to pam_skey.c.  Maybe PAM worked differently from some of
the programs that had S/Key support hard coded in them and the migration to PAM
changed the behavior.

In addition, I have noticed a much bigger emphasis on security in FreeBSD over
the past couple years.  Some things that would have been allowed in the past are
being corrected.

Jim Bloom

"Andrey A. Chernov" wrote:
> 
> On Sat, Jan 19, 2002 at 04:28:10 -0800, Kris Kennaway wrote:
> > On Sat, Jan 19, 2002 at 02:09:05AM -0800, Andrey A. Chernov wrote:
> > > ache        2002/01/19 02:09:05 PST
> > >
> > >   Modified files:
> > >     lib/libpam/modules/pam_opie pam_opie.c
> > >   Log:
> > >   If the user does not exist in the OPIE system, return failure immediately
> > >   instead of producing fake prompts with random numbers which can be detected
> > >   by a potential intruder in two tries and totally confuse non-OPIE users.
> >
> > Wait a minute..was this discussed anywhere?
> 
> We already lived with this "change" for several years when S/Key was here and
> nobody complained. This is not a change, this is a return to the old way as it
> must be.
> 
> This change has nothing in common with security, it just eliminates obscurity.
> 
> --
> Andrey A. Chernov
> http://ache.pp.ru/
> 
