From owner-freebsd-security  Thu May 21 09:32:50 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id JAA05044
          for freebsd-security-outgoing; Thu, 21 May 1998 09:32:50 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from firewall.ftf.dk (root@mail.ftf.dk [129.142.64.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA05033
          for <freebsd-security@freebsd.org>; Thu, 21 May 1998 09:32:43 -0700 (PDT)
          (envelope-from regnauld@deepo.prosa.dk)
Received: from mail.prosa.dk ([192.168.100.2]) by firewall.ftf.dk (8.7.6/8.7.3) with ESMTP id UAA15429 for <freebsd-security@freebsd.org>; Thu, 21 May 1998 20:33:21 +0200
Received: from deepo.prosa.dk (deepo.prosa.dk [192.168.100.10])
	by mail.prosa.dk (8.8.5/8.8.5/prosa-1.1) with ESMTP id SAA21158
	for <freebsd-security@freebsd.org>; Thu, 21 May 1998 18:57:29 +0200 (CEST)
Received: (from regnauld@localhost)
	by deepo.prosa.dk (8.8.7/8.8.5/prosa-1.1) id SAA05477;
	Thu, 21 May 1998 18:31:48 +0200 (CEST)
Message-ID: <19980521183148.07894@deepo.prosa.dk>
Date: Thu, 21 May 1998 18:31:48 +0200
From: Philippe Regnauld <regnauld@deepo.prosa.dk>
To: freebsd-security@FreeBSD.ORG
Subject: SKey and locked account
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Mailer: Mutt 0.88e
X-Operating-System: FreeBSD 2.2.5-STABLE i386
Organization: PROSA
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

I'm currently experimenting with 2.2.6, FWTK and skey.

1) First thing I noticed is that it's possible for someone to log
   into the system, even if the account is disabled ('*' in the 
   passwd field), when S/Key is enabled for that user.  

   Surprise to me.

2) Also, I've tried to use the FWTK's authmgr to set Skey user auth.

   I use the authmgr's command "proto <username> <proto>" to set the user's
   auth type:

     authmgr-> proto bob skey
     changed

then I initialize the password with the seed:

     authmgr-> pass bob gw68016
     /usr/libexec/ld.so: Undefined symbol "_MD4Init" called from authsrv:/usr/lib/libskey.so.2.0 at 0x2002a218
                                           ^^^^

Am I missing something here ?
-- 
 -[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]-
     ŤPluto placed his bad dog at the entrance of Hades to keep the dead
      IN and the living  OUT!  The archetypical corporate firewall?ť
                                                       - S. Kelly Bootle

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message

