From owner-freebsd-questions@FreeBSD.ORG Fri Jan 23 06:48:18 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9253316A4CF for ; Fri, 23 Jan 2004 06:48:18 -0800 (PST) Received: from cpanel10.gzo.com (69-56-171-54.theplanet.com [69.56.171.54]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9FC2243D1F for ; Fri, 23 Jan 2004 06:48:15 -0800 (PST) (envelope-from dany_list@natzo.com) Received: from [38.119.208.42] (helo=natzo.com) by cpanel10.gzo.com with asmtp (TLSv1:RC4-MD5:128) (Exim 4.24) id 1Ak2bT-0004cj-FW for freebsd-questions@freebsd.org; Fri, 23 Jan 2004 08:48:11 -0600 Message-ID: <40113436.8050509@natzo.com> Date: Fri, 23 Jan 2004 09:48:22 -0500 From: Dany Nativel User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <400C9CE9.9050705@natzo.com> <400CA24F.7020009@natzo.com> In-Reply-To: <400CA24F.7020009@natzo.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - cpanel10.gzo.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] X-AntiAbuse: Sender Address Domain - natzo.com Subject: Re: Segmentation fault on OPIE when sequence number <0 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Jan 2004 14:48:18 -0000 I've posted my s/key issue on this mailing list, BSD forums and also submitted a bug report to FBSD... no response so far or any advice on how to debug the problem. I'd like to switch my Debian based file server to freebsd but this issue on s/key is annoying. Any comments are welcome. Thanks Dany Dany wrote: > In order to allow my user to login using his regular Unix password I > had to remove the file /etc/opiekeys > > I've tried the same opiepasswd thing on a Debian box and when the > s/key expired (sequence # = 0), I just pressed enter in order to get > the Password prompt for the Unix password. > > Just for information heres is my /etc/pam.d/login (stock from 5.2R > install) : > auth required pam_nologin.so no_warn > auth sufficient pam_self.so no_warn > auth include system > > account requisite pam_securetty.so > account include system > > session include system > > password include system > > How did I get the OPIE running in the first place without any > modification of this file ? > > On the debian one I had to add "auth sufficient pam_opie.so" and "auth > required pam_deny.so". > > Dany > > Dany wrote: > >> Playing around with OPIE I used the following command on a 5.2R >> (hopefully I still have my root working) : >> >> 1) from the user account : >> #opiepasswd -c -n 2 >> I put 2 for the initial sequence number just to see what would happen >> to the user when he reaches 0 >> >> Entered my passphrase, got the seed and got the first response. >> >> 2) I didn't touch the /etc/pam.d/login but noticed that it didn't >> contain any reference to opie (/etc/pam.d/ssh does have some). >> >> 3) After exiting the current session, I got : >> login : alpha >> otp-md5 2 he201 >> Password: >> >> I think I tried my regular Unix password first and it worked. I >> logged out and this time I used the response computed by my external >> s/key calculator. It worked well and I was logged in... nice ! >> >> 4) So I repeated that process until I reached 0. >> >> 5) Now this is what I get : >> login: alpha >> otp-md5 -1 (null) ext >> Password: >> >> I now my s/key password has expired so I put in my Unix password and >> received a nice : >> >> FreeBSD/i386 (local) (ttyv0) >> login: Jan 19 22:08:25 local kernel: pid 613 (login), uid 0:exited on >> signal 11 (core dumped) >> >> 6) I though it was some kind of security mecanism so I logged back on >> my root account. >> >> 7) Trying to disable OPIE login for alpha using the following command : >> #opiepasswd -d alpha >> Updating alpha: >> Segmentation fault (core dumped) >> local# Jan 19 22:10:06 local kernel: pid 627 (opiepasswd), uid 0: >> exited on signal 11 (core dumped) >> >> I also tried opipasswd -c alpha to recreate OPIE keys for alpha but I >> received the same segmentation fault. >> >> a) how did OPIE worked in the first place with no mention to it in >> /etc/pam.d/login ? >> b) why do I get a segmentation fault ? >> >> Thanks >> Dany >> >> >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to >> "freebsd-questions-unsubscribe@freebsd.org" > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org"