Date: Mon, 19 Jan 2004 22:36:47 -0500 From: Dany <dany_list@natzo.com> To: freebsd-questions@freebsd.org Subject: Re: Segmentation fault on OPIE when sequence number <0 Message-ID: <400CA24F.7020009@natzo.com> In-Reply-To: <400C9CE9.9050705@natzo.com> References: <400C9CE9.9050705@natzo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In order to allow my user to login using his regular Unix password I had to remove the file /etc/opiekeys I've tried the same opiepasswd thing on a Debian box and when the s/key expired (sequence # = 0), I just pressed enter in order to get the Password prompt for the Unix password. Just for information heres is my /etc/pam.d/login (stock from 5.2R install) : auth required pam_nologin.so no_warn auth sufficient pam_self.so no_warn auth include system account requisite pam_securetty.so account include system session include system password include system How did I get the OPIE running in the first place without any modification of this file ? On the debian one I had to add "auth sufficient pam_opie.so" and "auth required pam_deny.so". Dany Dany wrote: > Playing around with OPIE I used the following command on a 5.2R > (hopefully I still have my root working) : > > 1) from the user account : > #opiepasswd -c -n 2 > I put 2 for the initial sequence number just to see what would happen > to the user when he reaches 0 > > Entered my passphrase, got the seed and got the first response. > > 2) I didn't touch the /etc/pam.d/login but noticed that it didn't > contain any reference to opie (/etc/pam.d/ssh does have some). > > 3) After exiting the current session, I got : > login : alpha > otp-md5 2 he201 > Password: > > I think I tried my regular Unix password first and it worked. I logged > out and this time I used the response computed by my external s/key > calculator. It worked well and I was logged in... nice ! > > 4) So I repeated that process until I reached 0. > > 5) Now this is what I get : > login: alpha > otp-md5 -1 (null) ext > Password: > > I now my s/key password has expired so I put in my Unix password and > received a nice : > > FreeBSD/i386 (local) (ttyv0) > login: Jan 19 22:08:25 local kernel: pid 613 (login), uid 0:exited on > signal 11 (core dumped) > > 6) I though it was some kind of security mecanism so I logged back on > my root account. > > 7) Trying to disable OPIE login for alpha using the following command : > #opiepasswd -d alpha > Updating alpha: > Segmentation fault (core dumped) > local# Jan 19 22:10:06 local kernel: pid 627 (opiepasswd), uid 0: > exited on signal 11 (core dumped) > > I also tried opipasswd -c alpha to recreate OPIE keys for alpha but I > received the same segmentation fault. > > a) how did OPIE worked in the first place with no mention to it in > /etc/pam.d/login ? > b) why do I get a segmentation fault ? > > Thanks > Dany > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?400CA24F.7020009>