Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 10 Jul 2002 17:28:02 +0400
From:      "Andrey A. Chernov" <ache@nagual.pp.ru>
To:        Dag-Erling Smorgrav <des@ofug.org>
Cc:        current@freebsd.org
Subject:   Re: OPIE auth broken too (was Re: PasswordAuthentication not works in sshd)
Message-ID:  <20020710132801.GA30351@nagual.pp.ru>
In-Reply-To: <xzpptxvg2h8.fsf@flood.ping.uio.no>
References:  <20020709133611.GA17322@nagual.pp.ru> <xzpd6txj93r.fsf@flood.ping.uio.no> <20020709164108.GA19075@nagual.pp.ru> <xzpr8icinnb.fsf@flood.ping.uio.no> <20020709232559.GA23499@nagual.pp.ru> <xzpd6tvj3h3.fsf@flood.ping.uio.no> <20020710115021.GA28478@nagual.pp.ru> <xzpznwzg4k0.fsf@flood.ping.uio.no> <20020710122357.GA29452@nagual.pp.ru> <xzpptxvg2h8.fsf@flood.ping.uio.no>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 10, 2002 at 15:02:43 +0200, Dag-Erling Smorgrav wrote:
> 
> But why disable keyboard-interactive authentication?

There is nowhere documented that keyboard-interactive auth is required for
PasswordAuthentication. It works without it for ages. Sysadmins tends to
remove all unneded auth schemes to minimize compromise risk and left only
few or even one auth scheme.

> Really, Andrey, I get the feeling that you've shot yourself in the
> foot and are asking me why it hurts.

To shot yourself an additional action needed. But without any additional
action I have untouched config files which works for ages and stop working
now due to additional undocumented keyboard-interactive auth requirement
or commenting out pam_opie* requirement. I think I am not only one with 
this setup type. Expect mass complaints when this goes to -stable, 
especially because of hidden nature of this bug.

-- 
Andrey A. Chernov
http://ache.pp.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020710132801.GA30351>