From owner-freebsd-security@FreeBSD.ORG Mon Aug 15 12:14:21 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4309D16A41F for ; Mon, 15 Aug 2005 12:14:21 +0000 (GMT) (envelope-from des@des.no) Received: from tim.des.no (tim.des.no [194.63.250.121]) by mx1.FreeBSD.org (Postfix) with ESMTP id CD85643D46 for ; Mon, 15 Aug 2005 12:14:20 +0000 (GMT) (envelope-from des@des.no) Received: from tim.des.no (localhost [127.0.0.1]) by spam.des.no (Postfix) with ESMTP id 4431760F7; Mon, 15 Aug 2005 14:14:01 +0200 (CEST) Received: from xps.des.no (des.no [80.203.228.37]) by tim.des.no (Postfix) with ESMTP id C8D0A60F1; Mon, 15 Aug 2005 14:14:00 +0200 (CEST) Received: by xps.des.no (Postfix, from userid 1001) id 88CE233D38; Mon, 15 Aug 2005 14:14:12 +0200 (CEST) To: freebsd-security@auscert.org.au References: <200508150355.j7F3tISY066942@app.auscert.org.au> From: des@des.no (=?iso-8859-1?q?Dag-Erling_Sm=F8rgrav?=) Date: Mon, 15 Aug 2005 14:14:12 +0200 In-Reply-To: <200508150355.j7F3tISY066942@app.auscert.org.au> (freebsd-security@auscert.org.au's message of "Mon, 15 Aug 2005 13:55:18 +1000") Message-ID: <86wtmnqtwr.fsf@xps.des.no> User-Agent: Gnus/5.110002 (No Gnus v0.2) Emacs/21.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable X-Spam-Tests: ALL_TRUSTED,AWL,BAYES_00 X-Spam-Learn: ham X-Spam-Score: -5.2/5.0 X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on tim.des.no Cc: freebsd-security@freebsd.org Subject: Re: recompile sshd with OPIE? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Aug 2005 12:14:21 -0000 freebsd-security@auscert.org.au writes: > Can this be achieved within the regular system build process, or must I > roll my own? You need to change src/crypto/openssh/config.h so it says /* #undef PAM */ #define SKEY 1 #define OPIE 1 instead of #define PAM 1 /* #undef SKEY */ /* #undef OPIE */ then rebuild world. DES --=20 Dag-Erling Sm=F8rgrav - des@des.no