Re: SSL is broken on FreeBSD

2011-04-02 Thread Miguel Lopes Santos Ramos
Fri, 2011-04-01 at 15:33 +0100, István wrote: > FreeBSD ships OpenSSL but it is broken because there is no CA. Right, it is > like shipping a car without wheels, I suppose. > > Is there a reason to do this? > > How much effort would be to ship a complete SSL stack, including the root > CAs, j

Re: It's not possible to allow non-OPIE logins only from trusted networks

2011-03-25 Thread Miguel Lopes Santos Ramos
Fri, 2011-03-11 at 21:15 +, Miguel Lopes Santos Ramos wrote: > Here's a scratch. > > I added an option, called "require_trusted", which enforces the trusted > network check even for users who do not have OPIE enabled. > If this option is not used, behavio

Re: It's not possible to allow non-OPIE logins only from trusted networks

2011-03-15 Thread Miguel Lopes Santos Ramos
Sun, 2011-03-13 at 22:05 +, RW wrote: > On Sun, 13 Mar 2011 21:06:17 + > Miguel Lopes Santos Ramos wrote: > > Ok, admittedly, it took me a while to see in what way that could be a > > weakness. It's a bit like hoping for a little remaining security after

Re: It's not possible to allow non-OPIE logins only from trusted networks

2011-03-13 Thread Miguel Lopes Santos Ramos
Mon, 2011-03-14 at 07:40 +1100, Peter Jeremy wrote: > On 2011-Mar-10 23:09:07 +0000, Miguel Lopes Santos Ramos > wrote: > >- The objection on S/KEY on that wiki page, that it's possible to > >compute all previous passwords, is a bit odd, since past passwords w

Re: It's not possible to allow non-OPIE logins only from trusted networks

2011-03-12 Thread Miguel Lopes Santos Ramos
Sat, 2011-03-12 at 12:12 +, Lionel Flandrin wrote: (...) > Even with SSH/HTTPS you're at risk if someone hijacks your session not > by man-in-the-middle'ing your network connection but by using a > keylogger directly on your guest OS or even on your USB port. (...) > By the way, I'm working

Re: It's not possible to allow non-OPIE logins only from trusted networks

2011-03-11 Thread Miguel Lopes Santos Ramos
r things out, and the best way seemed to be negating everything. I still scratched a bit more, but it started looking like much ado about nothing. Fri, 2011-03-11 at 10:17 +, Miguel Lopes Santos Ramos wrote: > Fri, 2011-03-11 at 10:46 +0100, Dag-Erling Smørgrav wrote: > > Mig

Re: It's not possible to allow non-OPIE logins only from trusted networks

2011-03-11 Thread Miguel Lopes Santos Ramos
Fri, 2011-03-11 at 10:46 +0100, Dag-Erling Smørgrav wrote: > Miguel Lopes Santos Ramos writes: > > 1. The user does not have OPIE enabled and the remote host is listed as > > a trusted host in /etc/opieaccess. > > 2. The user has OPIE enabled and the remote host is listed

Re: It's not possible to allow non-OPIE logins only from trusted networks

2011-03-10 Thread Miguel Lopes Santos Ramos
Thu, 2011-03-10 at 20:26 +, Lionel Flandrin wrote: > On Thu, Mar 10, 2011 at 07:12:41PM +0000, Miguel Lopes Santos Ramos wrote: > > > > Thanks. I'll probably be looking into that sooner or later. > > > > However, OPIE, nobody cares about OPIE? > >

Re: It's not possible to allow non-OPIE logins only from trusted networks

2011-03-10 Thread Miguel Lopes Santos Ramos
Thu, 2011-03-10 at 19:20 +0100, Remko Lodder wrote: > > Yes, that's right. That would solve a whole lot of other problems too. > > It's true that I'm using SSH in many cases just as an easy to administer > > VPN. I've been postponing that for years. But I would need something > > that worked wi

Re: It's not possible to allow non-OPIE logins only from trusted networks

2011-03-10 Thread Miguel Lopes Santos Ramos
Thu, 2011-03-10 at 02:23 -0500, J. Hellenthal wrote: > On Wed, 9 Mar 2011 09:51, mbox@ wrote: > > > > I think the way pam_opieaccess behaves is like "leave a security breach > > by default". I think it would be more useful if it returned PAM_SUCCESS > > when: > > > > 1. The user does not have

It's not possible to allow non-OPIE logins only from trusted networks

2011-03-09 Thread Miguel Lopes Santos Ramos
Hi, This is about pam_opieaccess. Because there's no project page for OPIE outside FreeBSD and because I found other complaints on pam_opieaccess on this list (http://www.derkeiler.com/Mailing-Lists/FreeBSD-Security/2003-06/0118.html), I'm posting this here, I hope it's OK. For a few years now