From owner-freebsd-security@FreeBSD.ORG  Tue Jul  8 16:18:02 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3391237B401
	for <freebsd-security@freebsd.org>;
	Tue,  8 Jul 2003 16:18:02 -0700 (PDT)
Received: from smtp.des.no (37.80-203-228.nextgentel.com [80.203.228.37])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BE32543F85
	for <freebsd-security@freebsd.org>;
	Tue,  8 Jul 2003 16:18:00 -0700 (PDT)	(envelope-from des@des.no)
Received: by smtp.des.no (Postfix, from userid 666)
	id 92BC49595C; Wed,  9 Jul 2003 01:17:59 +0200 (CEST)
Received: from dwp.des.no (dwp.des.no [10.0.0.4])
	by smtp.des.no (Postfix) with ESMTP
	id 0FBF195958; Wed,  9 Jul 2003 01:17:57 +0200 (CEST)
Received: by dwp.des.no (Postfix, from userid 2602)
	id A03FBB811; Wed,  9 Jul 2003 01:17:56 +0200 (CEST)
To: Brendan Bank <brendan@gnarst.net>
References: <200306271448.h5REmfOc054525@banzai.gnarst.net>
From: des@des.no (Dag-Erling =?iso-8859-1?q?Sm=F8rgrav?=)
Date: Wed, 09 Jul 2003 01:17:56 +0200
In-Reply-To: <200306271448.h5REmfOc054525@banzai.gnarst.net> (Brendan Bank's
 message of "Fri, 27 Jun 2003 16:48:41 +0200")
Message-ID: <xzpisqc8v6j.fsf@dwp.des.no>
User-Agent: Gnus/5.090024 (Oort Gnus v0.24) Emacs/21.2 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, hits=-2.5 required=8.0
	tests=EMAIL_ATTRIBUTION,IN_REP_TO,REFERENCES,REPLY_WITH_QUOTES,
	      USER_AGENT_GNUS_UA
	version=2.55
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
cc: freebsd-security@freebsd.org
Subject: Re: Problems with the pam_opieaccess PAM module
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Jul 2003 23:18:02 -0000

Brendan Bank <brendan@gnarst.net> writes:
> And in /etc/pam.conf I added:
>
> sshd    auth    required      pam_opie.so
> sshd    auth    requisite     pam_opieaccess.so
> sshd    auth    required      /usr/lib/pam_krb5.so.1     try_first_pass f=
orwardable

Where in /etc/pam.conf?  There are already sshd lines in pam.conf, and
things may not work as you expect if you merely added your lines
rather than replace what was already there.

BTW, I use the following:

root@flood ~# grep sshd /etc/pam.conf
#sshd   auth    sufficient      pam_skey.so
sshd    auth    sufficient      pam_opie.so                     no_fake_pro=
mpts
sshd    auth    requisite       pam_opieaccess.so
#sshd   auth    sufficient      pam_kerberosIV.so               try_first_p=
ass
#sshd   auth    sufficient      pam_krb5.so                     try_first_p=
ass
sshd    auth    required        pam_unix.so                     try_first_p=
ass
sshd    account required        pam_unix.so
sshd    password required       pam_permit.so
sshd    session required        pam_permit.so

and it works perfectly.

DES
--=20
Dag-Erling Sm=F8rgrav - des@des.no