From: Dag-Erling Smorgrav
Date: 21 Jan 2002 17:24:28 +0100
To: "Andrey A. Chernov"
Cc: mark@grondar.za, current@FreeBSD.ORG
Subject: Re: Step6, corresponding /etc/pam.d/* fixes for review

"Andrey A. Chernov" writes:
> On Mon, Jan 21, 2002 at 16:54:56 +0100, Dag-Erling Smorgrav wrote:
> One (among others) argument _for_ "no fake prompts" is that standalone
> application once compiled with OPIE support can't dynamically turn off
> fake prompts using some configuration. For PAM case it means that pam_opie
> can't be always turned on without confusion just because its fake prompts
> and _nothing_else_.
>
> The arguments _against_ "no fake prompts" was explained by markm in our
> previous discussion.

Yes, information leakage.

We have two options:

 - enable OPIE by default, with the no_fake_prompts option, leaving it
   up to the admin to enable fake prompts if he so wishes

 - disable OPIE by default, but do fake prompts by default if it is
   enabled

I think the first alternative increases security in a default
installation, because it allows any user to choose to use OPIE without
admin intervention. If we go for the second alternative, users can
use OPIE only if the admin decides to enable it.

> > > I have idea to solve it adding "no_fake_prompts" option to pam_opie to
> > > control that per admin choice.
> > Yep, excellent idea. I'll get right on it.
> Ok, I'll make patch for review.

Please, I'm getting paid to do this :) Make yourself a cup of tea or
something and put your feet up on the desk for a couple of minutes.

DES
--
Dag-Erling Smorgrav - des@ofug.org
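A simplified model of the trade-off discussed in this message, added here as an illustration and not code from pam_opie or from either poster: it shows what the prompt sequence reveals about an account with and without no_fake_prompts. The user table, the host secret and the HMAC-derived fake challenge are assumptions of the example, not how libopie builds its challenges.

```python
import hashlib
import hmac

# Constructed sample data: accounts that have an OPIE key registered.
OPIE_USERS = {"alice": (498, "fl0001")}      # user -> (sequence, seed)
SERVER_SECRET = b"constructed-demo-secret"   # hypothetical per-host secret


def fake_challenge(user: str) -> str:
    """Plausible challenge for an account that has no OPIE key.

    It is derived from an HMAC over the user name so that repeated
    attempts see the same values; a challenge that changed on every
    attempt would itself mark the prompt as fake.
    """
    digest = hmac.new(SERVER_SECRET, user.encode(), hashlib.sha256).digest()
    seq = 1 + int.from_bytes(digest[:2], "big") % 499
    seed = "fl%04d" % (int.from_bytes(digest[2:4], "big") % 10000)
    return f"otp-md5 {seq} {seed} ext"


def prompts(user: str, no_fake_prompts: bool) -> list[str]:
    """Prompt lines a login conversation shows for `user`."""
    if user in OPIE_USERS:
        seq, seed = OPIE_USERS[user]
        return [f"otp-md5 {seq} {seed} ext", "Password:"]
    if no_fake_prompts:
        # Less confusing for users without OPIE, but the missing
        # challenge shows that the account has no OPIE key.
        return ["Password:"]
    return [fake_challenge(user), "Password:"]


def prompt_shape(user: str, no_fake_prompts: bool) -> list[str]:
    """First word of each prompt: what is visible without knowing any secret."""
    return [line.split()[0] for line in prompts(user, no_fake_prompts)]


def leaks_opie_status(a: str, b: str, no_fake_prompts: bool) -> bool:
    """True if the prompt shape alone tells accounts a and b apart."""
    return prompt_shape(a, no_fake_prompts) != prompt_shape(b, no_fake_prompts)


if __name__ == "__main__":
    for setting in (True, False):
        print("no_fake_prompts =", setting,
              "-> leak:", leaks_opie_status("alice", "bob", setting))
```
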