From owner-freebsd-hackers Fri Mar 27 05:07:27 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA20963 for freebsd-hackers-outgoing; Fri, 27 Mar 1998 05:07:27 -0800 (PST) (envelope-from owner-freebsd-hackers@FreeBSD.ORG) Received: from pandora.hh.kew.com (root@kendra.ne.mediaone.net [24.128.94.182]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA20957 for ; Fri, 27 Mar 1998 05:07:24 -0800 (PST) (envelope-from software@kew.com) Received: from sonata.uucp.kew.com (sonata.hh.kew.com [192.168.203.135]) by pandora.hh.kew.com (8.8.5/8.8.5) with SMTP id IAA02069; Fri, 27 Mar 1998 08:07:21 -0500 (EST) Received: from kew.com by sonata.uucp.kew.com (UUPC/extended 1.12y) with UUCP for multiple addressees; Fri, 27 Mar 1998 08:07:21 -0500 Received: from kew.com by sonata.uucp.kew.com (UUPC/extended 1.12y) with ESMTP for multiple addresses; Fri, 27 Mar 1998 08:07:18 -0500 Message-ID: <351BA486.75FB2644@kew.com> Date: Fri, 27 Mar 1998 08:07:18 -0500 From: Drew Derbyshire - UUPC/extended software support Organization: Kendra Electronic Wonderworks, Stoneham, MA 02180 (http://www.kew.com) X-Mailer: Mozilla 4.04 [en]C-MOENE (WinNT; I) MIME-Version: 1.0 To: spork CC: hackers@FreeBSD.ORG Subject: Re: S/Key interfaces export restricted? References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > On Thu, 26 Mar 1998, Drew Derbyshire - UUPC/extended software support wrote: > > > I'm hacking one-timer passwords (S/Key) into popper for limited road work; if > > the s/key interface is not export restricted, I'll be happy to submit the > > patch back into the port collection (and to the original authors, if they > > accept such input). The changes will, of course, be "#ifdef SKEY". > > > > So, are calls to the s/key library export restricted? spork wrote: > Before you do this, you might want to check qpooper, erm qpopper. While > it can be a bit wacky at times with bulletin delivery, it includes s/key > support if built from the port: I didn't know that -- clearly, I didn't look deep enough. I saw it had APOP support, which is the standard, but didn't notice the S/Key. > -|super-g|-$ telnet pop.inch.com 110 > Trying 207.240.140.101... > Connected to pop.inch.com. > Escape character is '^]'. > +OK QPOP (version 2.4b2) at arutam.inch.com starting. For reasons which now escape me, I hacked straight 2.4, not the beta, so maybe a change was made in between. > <27325.890940269@arutam.inch.com> > user spork > +OK s/key 86 ut16018 Unfortunately, I may *still* need to hack the bloody thing. The client is Netscape Communicator, which definitely doesn't understand APOP or (it appears) S/key, and so the "bad password" message in pop_pass.c needs to include the s/key challenge for the user (since Netscape only reports error messages, not OK responses.) Maybe that was fixed in the beta as well. I'll look at the port in detail before going further. -ahd- -- Drew Derbyshire UUPC/extended e-mail: software@kew.com Telephone: 617-279-9812 "Sad, really, isn't it? People spend all their time making nice things and other people come along and break them." -- Dr. Who?, "The Enemy of the World:3" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message