From owner-cvs-all  Sun Aug  5  8:29:45 2001
Delivered-To: cvs-all@freebsd.org
Received: from arb.arb.za.net (arb.arb.za.net [196.7.148.4])
	by hub.freebsd.org (Postfix) with ESMTP
	id 00ED337B401; Sun,  5 Aug 2001 08:29:35 -0700 (PDT)
	(envelope-from mark@grondar.za)
Received: (from uucp@localhost)
	by arb.arb.za.net (8.11.3/8.11.3) with UUCP id f75FPk842282;
	Sun, 5 Aug 2001 17:25:46 +0200 (SAST)
	(envelope-from mark@grondar.za)
Received: from grondar.za (localhost [127.0.0.1])
	by grimreaper.grondar.za (8.11.5/8.11.4) with ESMTP id f75EiVZ04340;
	Sun, 5 Aug 2001 15:44:31 +0100 (BST)
	(envelope-from mark@grondar.za)
Message-Id: <200108051444.f75EiVZ04340@grimreaper.grondar.za>
To: "Andrey A. Chernov" <ache@nagual.pp.ru>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/lib/libopie Makefile 
References: <20010805024631.B36079@nagual.pp.ru> 
In-Reply-To: <20010805024631.B36079@nagual.pp.ru> ; from "Andrey A. Chernov" <ache@nagual.pp.ru>  "Sun, 05 Aug 2001 02:46:34 +0400."
Date: Sun, 05 Aug 2001 15:44:31 +0100
From: Mark Murray <mark@grondar.za>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

> On Sat, Aug 04, 2001 at 15:06:05 +0100, Mark Murray wrote:
> > I didn't have a problem enabling this? If you are talking about
> > opiekey(1) or any other OPIE key calculator, you need to be running
> > that on the client machine.
> 
> No, I talk about FTP tunneling via SSH. In this mode connection is secure
> and OTP is not required, as for localhost. FTPD get connection locally and
> not from localhost address but with address the host connected (i.e. the
> same machine, but different addresses, they must be in /etc/opieaccess).

I'm having a problem parsing this.

> > > Otherwise it is not possible to use OPIE in SSH connections which are more
> > > common nowdays than ever telnet connections.
> 
> opiepasswd and opiekey are not functional via SSH, -f can't be specified.

You can enable -f by building your world with "WANT_INSECURE_OPIE=true".

> opiepasswd:  user can't change its own password when count dropped to 0. 

Sounds like you either need to manage passwords better or that you need
WANT_INSECURE_OPIE.

> opiekey: sometimes it is not possible to run opiekey locally, assume X
> terminal or connection from internet-cafe. But it is possible via SSH. 

I understand the X Terminal problem, and I'm hoping to fix it. For the
rest, I have to repeat that it loooks like you need to build your world
with WANT_INSECURE_OPIE set to "true".

M
-- 
Mark Murray
Warning: this .sig is umop ap!sdn

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message