From: Alexander Leidinger
To: Dag-Erling Smørgrav
Cc: freebsd-security@freebsd.org, Miguel Lopes Santos Ramos, RW
Date: Wed, 16 Mar 2011 08:24:30 +0100
Subject: Re: It's not possible to allow non-OPIE logins only from trusted networks

Quoting Dag-Erling Smørgrav (from Wed, 16 Mar 2011 07:52:11 +0100):

> Miguel Lopes Santos Ramos writes:
>> They also make the questionable argument of a paper being more
>> portable than a calculator, which I also understand but don't agree,
>> because a calculator can be "transported" over the Internet easily.
>
> Perhaps, perhaps not. It depends on how much you trust the browser.
> However, pretty much everyone these days carries a mobile phone capable
> of running a key calculator.

Maybe a little bit unrelated, but: for which kinds of logins do you
use OPIE? SSH or generic OS logins are obvious places to use it, but I
am more interested in other uses.

I already use it in WordPress, but I am still searching for a way to
use it for IMAP (there seems to be a protocol enhancement for it, but I
didn't find an implementation so far), gallery2 and ejabberd (if XMPP
allows something like this) without the need to let them use system
users (e.g. the IMAP user/pw are currently in MySQL, the XMPP users are
in the ejabberd internal DB, ...). Anyone with ideas regarding this?

It would also be nice to hear other possibilities where OPIE can be
used (SNMP auth?).

Bye,
Alexander.

-- 
Yesterday I was a dog. Today I'm a dog. Tomorrow I'll probably
still be a dog. Sigh! There's so little hope for advancement.
		-- Snoopy

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137