From owner-freebsd-security@FreeBSD.ORG  Tue Aug 16 06:48:34 2005
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0CC0216A41F
	for <freebsd-security@freebsd.org>;
	Tue, 16 Aug 2005 06:48:34 +0000 (GMT) (envelope-from des@des.no)
Received: from tim.des.no (tim.des.no [194.63.250.121])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9166643D45
	for <freebsd-security@freebsd.org>;
	Tue, 16 Aug 2005 06:48:33 +0000 (GMT) (envelope-from des@des.no)
Received: from tim.des.no (localhost [127.0.0.1])
	by spam.des.no (Postfix) with ESMTP id E18E76195;
	Tue, 16 Aug 2005 08:46:23 +0200 (CEST)
Received: from xps.des.no (des.no [80.203.228.37])
	by tim.des.no (Postfix) with ESMTP id CF6D56194;
	Tue, 16 Aug 2005 08:46:22 +0200 (CEST)
Received: by xps.des.no (Postfix, from userid 1001)
	id 8DA7D33D38; Tue, 16 Aug 2005 08:46:34 +0200 (CEST)
To: Chuck Swiger <cswiger@mac.com>
References: <200508150355.j7F3tISY066942@app.auscert.org.au>
	<86wtmnqtwr.fsf@xps.des.no> <43015869.6020307@mac.com>
From: des@des.no (=?iso-8859-1?q?Dag-Erling_Sm=F8rgrav?=)
Date: Tue, 16 Aug 2005 08:46:34 +0200
In-Reply-To: <43015869.6020307@mac.com> (Chuck Swiger's message of "Mon, 15
	Aug 2005 23:07:21 -0400")
Message-ID: <86d5oepeet.fsf@xps.des.no>
User-Agent: Gnus/5.110002 (No Gnus v0.2) Emacs/21.3 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-Spam-Tests: ALL_TRUSTED,AWL,BAYES_00
X-Spam-Learn: ham
X-Spam-Score: -5.2/5.0
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on tim.des.no
Cc: freebsd-security@freebsd.org, freebsd-security@auscert.org.au
Subject: Re: recompile sshd with OPIE?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Aug 2005 06:48:34 -0000

Chuck Swiger <cswiger@mac.com> writes:
> Aha!  I bet ports/security/fwtk would be much happier if SKEY was around.
> Were these enabled some time ago and since disabled...?

FreeBSD doesn't have S/Key for the simple reason that OPIE is a
drop-in replacement.  See the top of src/crypto/openssh/auth-skey.c
for an example of how to substitute OPIE for S/Key.

DES
--=20
Dag-Erling Sm=F8rgrav - des@des.no