On Wed, Jul 10, 2002 at 19:55:19 +0200, Dag-Erling Smorgrav wrote:
> Neither fix is correct. The correct solution is to remove the kludge
> in auth-passwd.c that tries to use PAM for password authentication.
I agree completely. My fix was quick & dirty workaround only and not
planned as a full
"Andrey A. Chernov" wrote:
> On Wed, Jul 10, 2002 at 14:17:51 +0200, Dag-Erling Smorgrav wrote:
> > "Andrey A. Chernov" <[EMAIL PROTECTED]> writes:
> > > Why what? Sysadmin allows PasswordAuthentication only.
> >
> > Why?
>
> Because he choose to not trust hosts keys which can be stolen especiall
Neither fix is correct. The correct solution is to remove the kludge
in auth-passwd.c that tries to use PAM for password authentication.
DES
--
Dag-Erling Smorgrav - [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
On Wed, Jul 10, 2002 at 09:37:24 -0700, Gregory Neil Shapiro wrote:
> The problem seems to be the addition of opieaccess to the PAM
> configuration.
Not to PAM, but more strictly, to PAMified sshd. Addition of it to other
PAMified programs works as expected.
> With that addition, in -CURRENT,
If I may suggest a fix that will probably make everyone happy...
The problem seems to be the addition of opieaccess to the PAM
configuration. With that addition, in -CURRENT, unless a user creates
/etc/opieaccess and adds explicit "permit" lines, plain text passwords will
not be accepted if OPIE
On Wed, Jul 10, 2002 at 15:37:11 +0200, Dag-Erling Smorgrav wrote:
> making any sense at all. If your config file really disables all
> authentication methods except PasswordAuthentication, then OPIE
> *never* worked for you, because it *cannot* be implemented over the
> SSH PaswordAuthentication
On Wed, Jul 10, 2002 at 15:37:11 +0200, Dag-Erling Smorgrav wrote:
> Andrey, I'd really suggest you back off and chill down. You're not
> making any sense at all. If your config file really disables all
> authentication methods except PasswordAuthentication, then OPIE
> *never* worked for you,
On Wed, Jul 10, 2002 at 15:37:11 +0200, Dag-Erling Smorgrav wrote:
> Andrey, I'd really suggest you back off and chill down. You're not
> making any sense at all. If your config file really disables all
> authentication methods except PasswordAuthentication, then OPIE
> *never* worked for you,
"Andrey A. Chernov" <[EMAIL PROTECTED]> writes:
> On Wed, Jul 10, 2002 at 15:02:43 +0200, Dag-Erling Smorgrav wrote:
> > But why disable keyboard-interactive authentication?
> There is nowhere documented that keyboard-interactive auth is required for
> PasswordAuthentication. It works without it
On Wed, Jul 10, 2002 at 15:02:43 +0200, Dag-Erling Smorgrav wrote:
>
> But why disable keyboard-interactive authentication?
There is nowhere documented that keyboard-interactive auth is required for
PasswordAuthentication. It works without it for ages. Sysadmins tends to
remove all unneded auth
"Andrey A. Chernov" <[EMAIL PROTECTED]> writes:
> On Wed, Jul 10, 2002 at 14:17:51 +0200, Dag-Erling Smorgrav wrote:
> > "Andrey A. Chernov" <[EMAIL PROTECTED]> writes:
> > > Why what? Sysadmin allows PasswordAuthentication only.
> > Why?
> Because he choose to not trust hosts keys which can be st
On Wed, Jul 10, 2002 at 14:17:51 +0200, Dag-Erling Smorgrav wrote:
> "Andrey A. Chernov" <[EMAIL PROTECTED]> writes:
> > Why what? Sysadmin allows PasswordAuthentication only.
>
> Why?
Because he choose to not trust hosts keys which can be stolen especially
when not password-protected. Because i
"Andrey A. Chernov" <[EMAIL PROTECTED]> writes:
> Why what? Sysadmin allows PasswordAuthentication only.
Why?
DES
--
Dag-Erling Smorgrav - [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
On Wed, Jul 10, 2002 at 12:12:56 +0200, Dag-Erling Smorgrav wrote:
> "Andrey A. Chernov" <[EMAIL PROTECTED]> writes:
> > Consider following setup: OPIE is active and allow Unix plaintext
> > passwords for local users only (i.e. common way of using OPIE). Then lets
> > disable all sshd auth methods
"Andrey A. Chernov" <[EMAIL PROTECTED]> writes:
> Consider following setup: OPIE is active and allow Unix plaintext
> passwords for local users only (i.e. common way of using OPIE). Then lets
> disable all sshd auth methods excepting "PasswordAuthentication yes" in
> sshd_config.
Why?
> 2nd bug
On Wed, Jul 10, 2002 at 03:26:02 +0400, Andrey A. Chernov wrote:
>
> 1) It is client-related, so even if you'll fix sshd to print OTP prompt,
This is the question: who print password prompt? By very quick and
incomplete look I see that it is client himself, not server, so it seems
there is no wa
On Tue, Jul 09, 2002 at 23:42:32 +0200, Dag-Erling Smorgrav wrote:
> Seriously, can you please turn down the hysteria a couple of notches
> and give me a proper bug report?
On Tue, Jul 09, 2002 at 23:42:32 +0200, Dag-Erling Smorgrav wrote:
> Seriously, can you please turn down the hysteria a cou
"Andrey A. Chernov" <[EMAIL PROTECTED]> writes:
> BTW, OPIE auth broken too that way. In any ssh client I use I see _no_
> OPIE prompt like: [...]
You're jinxed. You probably offended an evil spirit in a previous
life and it has come back to haunt you.
Seriously, can you please turn down the hy
18 matches
Mail list logo
