From: Chad Perrin
To: freebsd-security@freebsd.org
Date: Fri, 11 Mar 2011 10:05:44 -0700
Subject: Re: It's not possible to allow non-OPIE logins only from trusted networks
Message-ID: <20110311170544.GA85386@guilt.hydra>
In-Reply-To: <8662rqyonl.fsf@ds4.des.no>

On Fri, Mar 11, 2011 at 10:47:26AM +0100, Dag-Erling Smørgrav wrote:
> Lionel Flandrin writes:
> > I'd try to install and configure OTPW on my server to replace OPIE,
> > but it's not in the ports and I don't know PAM well enough to try and
> > mess with it, I would probably end up opening more security holes than
> > I'm fixing.
>
> If it's as good as the ad copy says it is, and the license is OK, I
> might import it into the base system. Might take some time, though.

The license for OTPW is not appropriate for importation into the base
system of any BSD Unix system. It's GPLed software. If people want it
in FreeBSD, it should go into ports.

--
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]