From owner-freebsd-questions@FreeBSD.ORG Mon Jan 19 19:36:52 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E581D16A4CE for ; Mon, 19 Jan 2004 19:36:51 -0800 (PST) Received: from cpanel10.gzo.com (69-56-171-54.theplanet.com [69.56.171.54]) by mx1.FreeBSD.org (Postfix) with ESMTP id 37FE543D2D for ; Mon, 19 Jan 2004 19:36:50 -0800 (PST) (envelope-from dany_list@natzo.com) Received: from pcp04639464pcs.gambrl01.md.comcast.net ([68.50.51.181] helo=natzo.com) by cpanel10.gzo.com with asmtp (TLSv1:RC4-MD5:128) (Exim 4.24) id 1Aimgz-0001jK-TJ for freebsd-questions@freebsd.org; Mon, 19 Jan 2004 21:36:42 -0600 Message-ID: <400CA24F.7020009@natzo.com> Date: Mon, 19 Jan 2004 22:36:47 -0500 From: Dany User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6b) Gecko/20031208 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <400C9CE9.9050705@natzo.com> In-Reply-To: <400C9CE9.9050705@natzo.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - cpanel10.gzo.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] X-AntiAbuse: Sender Address Domain - natzo.com Subject: Re: Segmentation fault on OPIE when sequence number <0 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Jan 2004 03:36:52 -0000 In order to allow my user to login using his regular Unix password I had to remove the file /etc/opiekeys I've tried the same opiepasswd thing on a Debian box and when the s/key expired (sequence # = 0), I just pressed enter in order to get the Password prompt for the Unix password. Just for information heres is my /etc/pam.d/login (stock from 5.2R install) : auth required pam_nologin.so no_warn auth sufficient pam_self.so no_warn auth include system account requisite pam_securetty.so account include system session include system password include system How did I get the OPIE running in the first place without any modification of this file ? On the debian one I had to add "auth sufficient pam_opie.so" and "auth required pam_deny.so". Dany Dany wrote: > Playing around with OPIE I used the following command on a 5.2R > (hopefully I still have my root working) : > > 1) from the user account : > #opiepasswd -c -n 2 > I put 2 for the initial sequence number just to see what would happen > to the user when he reaches 0 > > Entered my passphrase, got the seed and got the first response. > > 2) I didn't touch the /etc/pam.d/login but noticed that it didn't > contain any reference to opie (/etc/pam.d/ssh does have some). > > 3) After exiting the current session, I got : > login : alpha > otp-md5 2 he201 > Password: > > I think I tried my regular Unix password first and it worked. I logged > out and this time I used the response computed by my external s/key > calculator. It worked well and I was logged in... nice ! > > 4) So I repeated that process until I reached 0. > > 5) Now this is what I get : > login: alpha > otp-md5 -1 (null) ext > Password: > > I now my s/key password has expired so I put in my Unix password and > received a nice : > > FreeBSD/i386 (local) (ttyv0) > login: Jan 19 22:08:25 local kernel: pid 613 (login), uid 0:exited on > signal 11 (core dumped) > > 6) I though it was some kind of security mecanism so I logged back on > my root account. > > 7) Trying to disable OPIE login for alpha using the following command : > #opiepasswd -d alpha > Updating alpha: > Segmentation fault (core dumped) > local# Jan 19 22:10:06 local kernel: pid 627 (opiepasswd), uid 0: > exited on signal 11 (core dumped) > > I also tried opipasswd -c alpha to recreate OPIE keys for alpha but I > received the same segmentation fault. > > a) how did OPIE worked in the first place with no mention to it in > /etc/pam.d/login ? > b) why do I get a segmentation fault ? > > Thanks > Dany > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org"