From owner-freebsd-current  Wed Jul 10  7:11:34 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1BA1637B400
	for <current@freebsd.org>; Wed, 10 Jul 2002 07:11:31 -0700 (PDT)
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0AEC043E4A
	for <current@freebsd.org>; Wed, 10 Jul 2002 07:11:30 -0700 (PDT)
	(envelope-from ache@pobrecita.freebsd.ru)
Received: from pobrecita.freebsd.ru (ache@localhost [127.0.0.1])
	by nagual.pp.ru (8.12.5/8.12.5) with ESMTP id g6AEBI5C030977;
	Wed, 10 Jul 2002 18:11:26 +0400 (MSD)
	(envelope-from ache@pobrecita.freebsd.ru)
Received: (from ache@localhost)
	by pobrecita.freebsd.ru (8.12.5/8.12.5/Submit) id g6AEBIQ4030976;
	Wed, 10 Jul 2002 18:11:18 +0400 (MSD)
	(envelope-from ache)
Date: Wed, 10 Jul 2002 18:11:18 +0400
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: current@freebsd.org
Subject: Re: OPIE auth broken too (was Re: PasswordAuthentication not works in sshd)
Message-ID: <20020710141117.GA30893@nagual.pp.ru>
References: <20020709164108.GA19075@nagual.pp.ru> <xzpr8icinnb.fsf@flood.ping.uio.no> <20020709232559.GA23499@nagual.pp.ru> <xzpd6tvj3h3.fsf@flood.ping.uio.no> <20020710115021.GA28478@nagual.pp.ru> <xzpznwzg4k0.fsf@flood.ping.uio.no> <20020710122357.GA29452@nagual.pp.ru> <xzpptxvg2h8.fsf@flood.ping.uio.no> <20020710132801.GA30351@nagual.pp.ru> <xzp8z4jg0vs.fsf@flood.ping.uio.no>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <xzp8z4jg0vs.fsf@flood.ping.uio.no>
User-Agent: Mutt/1.5.1i
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

On Wed, Jul 10, 2002 at 15:37:11 +0200, Dag-Erling Smorgrav wrote:

> Andrey, I'd really suggest you back off and chill down.  You're not
> making any sense at all.  If your config file really disables all
> authentication methods except PasswordAuthentication, then OPIE
> *never* worked for you, because it *cannot* be implemented over the
> SSH PaswordAuthentication protocol.

I say exact the same thing. 

1) I not expect that OPIE will work at this place.

2) Moreover, I don't want OPIE here.

3) I don't need, don't want and not expect any OPIE, I want forget about 
it.

But...

4) OPIE _automatically_ instered in the middle of auth against my will
due to /etc/pam.d/sshd pam_opie* lines enabled by default.

5) OPIE is inserted inside the auth where it can't work in any case
(inside PasswordAuthentication).

6) This bad OPIE insertion not documented anywhere in ssh manpages.

> >                  Expect mass complaints when this goes to -stable, 
> > especially because of hidden nature of this bug.
> 
> It *is* in -STABLE.  Nobody's complained.

Because of broken libopie (opieaccess). But someday -current fix will be 
merged.

-- 
Andrey A. Chernov
http://ache.pp.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message