misc/61701: Segmentation fault on OPIE when sequence number=-1

Dany Nativel dany at natzo.com
Wed Jan 21 18:50:23 PST 2004 

>Number:         61701
>Category:       misc
>Synopsis:       Segmentation fault on OPIE when sequence number=-1
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 21 18:50:20 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Dany Nativel
>Release:        5.2 Release
>Organization:
>Environment:
FreeBSD hermes.agora 5.2-RELEASE FreeBSD 5.2-RELEASE #9: Tue Jan 13 21:59:17 EST 2004     alpha at hermes.agora:/usr/obj/usr/src/sys/HERMES  i386
>Description:
When opie sequence number reaches -1 for a given user (no more s/key login), it's impossible to :

1) Use the regular Unix password (even if authorized and was working before) ... core dumped
2) Disable the OPIE login for this user using opiepasswd  ... seg fault

PS 1:How did OPIE worked in the first place with no mention to it in /etc/pam.d/login ?

PS 2: /etc/pam.d/login (stock from 5.2R install) :
code:auth required pam_nologin.so  no_warn
auth sufficient pam_self.so no_warn
auth include system

account requisite pam_securetty.so
account include system

session include system

password include system
>How-To-Repeat:
A] LOGIN USING UNIX PASSWORD WHEN OPIE support has expired
1) from the user account :
#opiepasswd -c -n 2    (any number in fact)

2)  Quit the current session for login prompt :
login : alpha
otp-md5 2 he201
Password:

3) Enter valid s/key, loggout and repeat that process until reaching sequence number=-1

4) Then try to use you regular Unix password (I could use it when sequence key was <>-1):
login: alpha
otp-md5 -1 (null) ext
Password:   <-  Unix password

code:FreeBSD/i386 (local) (ttyv0)
login: Jan 19 22:08:25 local kernel: pid 613 (login), uid 0:exited on signal 11 (core dumped)

B] DISABLE OPIE LOGIN using opiepasswd when opie expired
Using root account :
#opiepasswd -d alpha    (nb opiepasswd -c doesn't work either)

Updating alpha:
Segmentation fault (core dumped)
local# Jan 19 22:10:06 local kernel: pid 627 (opiepasswd), uid 0: exited on signal 11 (core dumped)
>Fix:
--> Quick Fix :
In order to allow my unlucky user to login back using his regular Unix password I had to remove the file /etc/opiekeys

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list