Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 24 Apr 2002 21:50:46 -0400 (EDT)
From:      Robert Watson <rwatson@freebsd.org>
To:        Jordan Hubbard <jkh@winston.freebsd.org>
Cc:        hackers@freebsd.org
Subject:   Re: Erm, since everyone managed to HIJACK my sshd thread! ;)
Message-ID:  <Pine.NEB.3.96L.1020424214955.55944N-100000@fledge.watson.org>
In-Reply-To: <200204231839.g3NId1UR013639@winston.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Sigh. I responded privately, but I see a plethora of mis-informed response
also.  Please commit the fix to the S/Key code, rather than disabling
challenge response protocol behavior.  There's nothing wrong with
supporting the challenge/response parts of the protocol, and it's even
desirable from a PAM perspective.  Go fix it properly.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Tue, 23 Apr 2002, Jordan Hubbard wrote:

> I'm going to commit the following in 48 hours unless someone can
> convince me that it's a good idea for FreeBSD to be the odd-OS out
> with respect to this behavior:
> 
> Index: sshd_config
> ===================================================================
> RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v
> retrieving revision 1.4.2.6
> diff -u -r1.4.2.6 sshd_config
> --- sshd_config	28 Sep 2001 01:33:35 -0000	1.4.2.6
> +++ sshd_config	23 Apr 2002 18:38:01 -0000
> @@ -48,8 +48,8 @@
>  PasswordAuthentication yes
>  PermitEmptyPasswords no
>  
> -# Uncomment to disable s/key passwords 
> -#ChallengeResponseAuthentication no
> +# Comment out to enable s/key passwords 
> +ChallengeResponseAuthentication no
>  
>  # To change Kerberos options
>  #KerberosAuthentication no
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1020424214955.55944N-100000>