From owner-freebsd-current  Wed Jul 10  8:24:17 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1977D37B400
	for <current@FreeBSD.ORG>; Wed, 10 Jul 2002 08:24:14 -0700 (PDT)
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 096CE43E52
	for <current@FreeBSD.ORG>; Wed, 10 Jul 2002 08:24:13 -0700 (PDT)
	(envelope-from ache@pobrecita.freebsd.ru)
Received: from pobrecita.freebsd.ru (ache@localhost [127.0.0.1])
	by nagual.pp.ru (8.12.5/8.12.5) with ESMTP id g6AFO05C031792;
	Wed, 10 Jul 2002 19:24:11 +0400 (MSD)
	(envelope-from ache@pobrecita.freebsd.ru)
Received: (from ache@localhost)
	by pobrecita.freebsd.ru (8.12.5/8.12.5/Submit) id g6AFNxkn031791;
	Wed, 10 Jul 2002 19:23:59 +0400 (MSD)
	(envelope-from ache)
Date: Wed, 10 Jul 2002 19:23:59 +0400
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: current@FreeBSD.ORG
Subject: Patch for review (was Re: OPIE auth broken too (was Re: PasswordAuthentication not works in sshd))
Message-ID: <20020710152358.GA31729@nagual.pp.ru>
References: <20020709164108.GA19075@nagual.pp.ru> <xzpr8icinnb.fsf@flood.ping.uio.no> <20020709232559.GA23499@nagual.pp.ru> <xzpd6tvj3h3.fsf@flood.ping.uio.no> <20020710115021.GA28478@nagual.pp.ru> <xzpznwzg4k0.fsf@flood.ping.uio.no> <20020710122357.GA29452@nagual.pp.ru> <xzpptxvg2h8.fsf@flood.ping.uio.no> <20020710132801.GA30351@nagual.pp.ru> <xzp8z4jg0vs.fsf@flood.ping.uio.no>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <xzp8z4jg0vs.fsf@flood.ping.uio.no>
User-Agent: Mutt/1.5.1i
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

On Wed, Jul 10, 2002 at 15:37:11 +0200, Dag-Erling Smorgrav wrote:
> making any sense at all.  If your config file really disables all
> authentication methods except PasswordAuthentication, then OPIE
> *never* worked for you, because it *cannot* be implemented over the
> SSH PaswordAuthentication protocol.

OPIE should be not enabled by default since according to your own words 
"it *cannot* be implemented over the SSH PaswordAuthentication protocol."
PasswordAuthentication is very broken otherwise and not allows to log in.

--- sshd.bak	Tue Jul  9 14:55:05 2002
+++ sshd	Wed Jul 10 19:16:54 2002
@@ -6,8 +6,8 @@
 
 # auth
 auth		required	pam_nologin.so	no_warn
-auth		sufficient	pam_opie.so	no_warn no_fake_prompts
-auth		required	pam_opieaccess.so	no_warn
+#auth            sufficient      pam_opie.so     no_warn no_fake_prompts
+#auth            required        pam_opieaccess.so       no_warn
 auth		required	pam_unix.so	no_warn try_first_pass
 
 # account

-- 
Andrey A. Chernov
http://ache.pp.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message