From owner-freebsd-current  Wed Jul 10  6:37:17 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 34FBD37B400
	for <current@freebsd.org>; Wed, 10 Jul 2002 06:37:15 -0700 (PDT)
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3F72043E4A
	for <current@freebsd.org>; Wed, 10 Jul 2002 06:37:14 -0700 (PDT)
	(envelope-from des@ofug.org)
Received: by flood.ping.uio.no (Postfix, from userid 2602)
	id 47CCB534A; Wed, 10 Jul 2002 15:37:11 +0200 (CEST)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily
  coincide with those of any organisation or company with
  which I am or have been affiliated.
To: "Andrey A. Chernov" <ache@nagual.pp.ru>
Cc: current@freebsd.org
Subject: Re: OPIE auth broken too (was Re: PasswordAuthentication not works in sshd)
References: <20020709133611.GA17322@nagual.pp.ru>
	<xzpd6txj93r.fsf@flood.ping.uio.no>
	<20020709164108.GA19075@nagual.pp.ru>
	<xzpr8icinnb.fsf@flood.ping.uio.no>
	<20020709232559.GA23499@nagual.pp.ru>
	<xzpd6tvj3h3.fsf@flood.ping.uio.no>
	<20020710115021.GA28478@nagual.pp.ru>
	<xzpznwzg4k0.fsf@flood.ping.uio.no>
	<20020710122357.GA29452@nagual.pp.ru>
	<xzpptxvg2h8.fsf@flood.ping.uio.no>
	<20020710132801.GA30351@nagual.pp.ru>
From: Dag-Erling Smorgrav <des@ofug.org>
Date: 10 Jul 2002 15:37:11 +0200
In-Reply-To: <20020710132801.GA30351@nagual.pp.ru>
Message-ID: <xzp8z4jg0vs.fsf@flood.ping.uio.no>
Lines: 22
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

"Andrey A. Chernov" <ache@nagual.pp.ru> writes:
> On Wed, Jul 10, 2002 at 15:02:43 +0200, Dag-Erling Smorgrav wrote:
> > But why disable keyboard-interactive authentication?
> There is nowhere documented that keyboard-interactive auth is required for
> PasswordAuthentication.  It works without it for ages. Sysadmins tends to
> remove all unneded auth schemes to minimize compromise risk and left only
> few or even one auth scheme.

Andrey, I'd really suggest you back off and chill down.  You're not
making any sense at all.  If your config file really disables all
authentication methods except PasswordAuthentication, then OPIE
*never* worked for you, because it *cannot* be implemented over the
SSH PaswordAuthentication protocol.

>                  Expect mass complaints when this goes to -stable, 
> especially because of hidden nature of this bug.

It *is* in -STABLE.  Nobody's complained.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message