Date: Wed, 10 Jul 2002 17:28:02 +0400
From: "Andrey A. Chernov"
To: Dag-Erling Smorgrav
Cc: current@freebsd.org
Subject: Re: OPIE auth broken too (was Re: PasswordAuthentication not works in sshd)
Message-ID: <20020710132801.GA30351@nagual.pp.ru>

On Wed, Jul 10, 2002 at 15:02:43 +0200, Dag-Erling Smorgrav wrote:
>
> But why disable keyboard-interactive authentication?

It is documented nowhere that keyboard-interactive auth is required for PasswordAuthentication. It has worked without it for ages. Sysadmins tend to remove all unneeded auth schemes to minimize compromise risk and leave only a few or even one auth scheme.

> Really, Andrey, I get the feeling that you've shot yourself in the
> foot and are asking me why it hurts.

To shoot yourself, an additional action is needed. But without any additional action I have untouched config files which have worked for ages and stopped working now due to the additional undocumented keyboard-interactive auth requirement or the requirement of commenting out pam_opie*. I think I am not the only one with this setup type. Expect mass complaints when this goes to -stable, especially because of the hidden nature of this bug.

-- 
Andrey A. Chernov
http://ache.pp.ru/