Date: Sat, 19 Jan 2002 17:03:09 +0300
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Kris Kennaway <kris@obsecurity.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/lib/libpam/modules/pam_opie pam_opie.c
Message-ID: <20020119140308.GA9574@nagual.pp.ru>
In-Reply-To: <20020119134810.GB9275@nagual.pp.ru>
References: <200201191009.g0JA95b91076@freefall.freebsd.org> <20020119042808.A67985@xor.obsecurity.org> <20020119123903.GA8776@nagual.pp.ru> <20020119124322.GB8776@nagual.pp.ru> <20020119053506.A77530@xor.obsecurity.org> <20020119134810.GB9275@nagual.pp.ru>

On Sat, Jan 19, 2002 at 16:48:10 +0300, Andrey A. Chernov wrote:
> nobody comes with re-implementation, it is removed because it causes problems.

Problems are:

1) User confusion.
Example: Imagine that you have an insecure host and want to enter 'su'. You can configure it to use OPIE. And afterwards not only will you see its prompt, but all other users, not OPIE-enabled, will see fake prompts too, constantly asking the admin questions.

2) Automatic tasks protocol confusion.
Example: Imagine that you have a script which enters FTP, confirming user/password, in send/expect form. If you ever enable OPIE for _one_ ftp user in your system, the script stops working due to an unknown FTP response.

3) False sense that OPIE is alive.
Example: Imagine that a filesystem error removes some OPIE-critical file. And for a very, very long time users will try to enter the system answering fake prompts instead of reporting it to the admin immediately.

All of this is so obvious that I wonder what discussion can ever happen here.

-- 
Andrey A. Chernov
http://ache.pp.ru/
