Date: Wed, 10 Jul 2002 17:28:02 +0400 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Dag-Erling Smorgrav <des@ofug.org> Cc: current@freebsd.org Subject: Re: OPIE auth broken too (was Re: PasswordAuthentication not works in sshd) Message-ID: <20020710132801.GA30351@nagual.pp.ru> In-Reply-To: <xzpptxvg2h8.fsf@flood.ping.uio.no> References: <20020709133611.GA17322@nagual.pp.ru> <xzpd6txj93r.fsf@flood.ping.uio.no> <20020709164108.GA19075@nagual.pp.ru> <xzpr8icinnb.fsf@flood.ping.uio.no> <20020709232559.GA23499@nagual.pp.ru> <xzpd6tvj3h3.fsf@flood.ping.uio.no> <20020710115021.GA28478@nagual.pp.ru> <xzpznwzg4k0.fsf@flood.ping.uio.no> <20020710122357.GA29452@nagual.pp.ru> <xzpptxvg2h8.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 10, 2002 at 15:02:43 +0200, Dag-Erling Smorgrav wrote: > > But why disable keyboard-interactive authentication? There is nowhere documented that keyboard-interactive auth is required for PasswordAuthentication. It works without it for ages. Sysadmins tends to remove all unneded auth schemes to minimize compromise risk and left only few or even one auth scheme. > Really, Andrey, I get the feeling that you've shot yourself in the > foot and are asking me why it hurts. To shot yourself an additional action needed. But without any additional action I have untouched config files which works for ages and stop working now due to additional undocumented keyboard-interactive auth requirement or commenting out pam_opie* requirement. I think I am not only one with this setup type. Expect mass complaints when this goes to -stable, especially because of hidden nature of this bug. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020710132801.GA30351>