Date: Sat, 19 Jan 2002 20:43:39 +0300
From: "Andrey A. Chernov"
To: Dag-Erling Smorgrav
Cc: mark@grondar.za, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: For all who miss it, PAM changes explanation reposted
Message-ID: <20020119174339.GG11604@nagual.pp.ru>
In-Reply-To: <20020119173633.GD11604@nagual.pp.ru>

On Sat, Jan 19, 2002 at 20:36:34 +0300, Andrey A. Chernov wrote:
>
> Old behaviour is incorrect because it provides UNCONDITIONAL fallback
> from pam_opie failure to pam_unix, next in the chain. This fallback must
> be CONDITIONAL according to the OPIE way of things. Conditions include remote
> host checking and user home directory checking.

Note about producing fake prompts:

We *ALL* agree that the old OPIE scheme with fake prompts, in the way it was implemented, does not improve security. Everybody can detect it by trying two times. So, it should be removed first (the thing I do) and maybe replaced with a more advanced variant next (someone else).

-- 
Andrey A. Chernov
http://ache.pp.ru/
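The unconditional versus conditional fallback described in this message, modelled as an added example (not part of the original e-mail and not FreeBSD's code). The chain evaluator is a simplified model of PAM control flags; `fallback_gate`, `attempt` and all inputs are hypothetical, and the user is assumed to be OPIE-enabled.

```python
# Added example: a simplified model of PAM "auth" chain evaluation.
# "fallback_gate" is a hypothetical module name; all inputs are constructed.

def run_chain(chain, results):
    """Evaluate (control, module) pairs; results maps module -> True/False."""
    required_failed = False
    any_passed = False
    for control, module in chain:
        ok = results[module]
        if control == "sufficient":
            if ok and not required_failed:
                return True          # success ends the chain at once
            # a failed "sufficient" module is ignored: the chain falls through
        elif control == "requisite":
            if not ok:
                return False         # failure ends the chain at once
            any_passed = True
        elif control == "required":
            if ok:
                any_passed = True
            else:
                required_failed = True
    return any_passed and not required_failed

OLD_CHAIN = [("sufficient", "pam_opie"), ("required", "pam_unix")]
CONDITIONAL_CHAIN = [("sufficient", "pam_opie"),
                     ("requisite", "fallback_gate"),
                     ("required", "pam_unix")]

def attempt(chain, otp_ok, password_ok, host_trusted, user_requires_opie):
    """One login attempt by an OPIE-enabled user."""
    results = {
        "pam_opie": otp_ok,
        "pam_unix": password_ok,
        # Assumed gate: password fallback only from a trusted host and only
        # if the user's home directory does not demand OPIE.
        "fallback_gate": host_trusted and not user_requires_opie,
    }
    return run_chain(chain, results)

if __name__ == "__main__":
    # Reusable password known, no valid one-time password, untrusted host.
    print("old chain:        ", attempt(OLD_CHAIN, False, True, False, False))
    print("conditional chain:", attempt(CONDITIONAL_CHAIN, False, True, False, False))
```

With the old chain, a failed one-time password is simply ignored and the reusable password alone grants access; the gate in the second chain is what makes the fallback conditional.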