Segmentation fault on OPIE when sequence number <0

Dany dany_list at natzo.com
Mon Jan 19 19:36:52 PST 2004 

In order to allow my user to login using his regular Unix password I had 
to remove the file /etc/opiekeys

I've tried the same opiepasswd thing on a Debian box and when the s/key 
expired (sequence #  = 0), I just pressed enter in order to get the 
Password prompt for the Unix password.

Just for information heres is my /etc/pam.d/login (stock from 5.2R 
install)  :
auth required pam_nologin.so  no_warn
auth sufficient pam_self.so no_warn
auth include system

account requisite pam_securetty.so
account include system

session include system

password include system

How did I get the OPIE running in the first place without any 
modification of this file ?

On the debian one I had to add "auth sufficient pam_opie.so" and "auth 
required pam_deny.so".

Dany

Dany wrote:

> Playing around with OPIE I used the following command on a 5.2R 
> (hopefully I still have my root working) :
>
> 1) from the user account :
> #opiepasswd -c -n 2
> I put 2 for the initial sequence number just to see what would happen 
> to the user when he reaches 0
>
> Entered my passphrase, got the seed and got the first response.
>
> 2) I didn't touch the /etc/pam.d/login but noticed that it didn't 
> contain any reference to opie (/etc/pam.d/ssh does have some).
>
> 3) After exiting the current session, I got :
> login : alpha
> otp-md5 2 he201
> Password:
>
> I think I tried my regular Unix password first and it worked. I logged 
> out and this time I used the response computed by my external s/key 
> calculator. It worked well and I was logged in... nice !
>
> 4) So I repeated that process until I reached 0.
>
> 5) Now this is what I get :
> login: alpha
> otp-md5 -1 (null) ext
> Password:
>
> I now my s/key password has expired so I put in my Unix password and 
> received a nice :
>
> FreeBSD/i386 (local) (ttyv0)
> login: Jan 19 22:08:25 local kernel: pid 613 (login), uid 0:exited on 
> signal 11 (core dumped)
>
> 6) I though it was some kind of security mecanism so I logged back on 
> my root account.
>
> 7) Trying to disable OPIE login for alpha using the following command :
> #opiepasswd -d alpha
> Updating alpha:
> Segmentation fault (core dumped)
> local# Jan 19 22:10:06 local kernel: pid 627 (opiepasswd), uid 0: 
> exited on signal 11 (core dumped)
>
> I also tried opipasswd -c alpha to recreate OPIE keys for alpha but I 
> received the same segmentation fault.
>
> a) how did OPIE worked in the first place with no mention to it in 
> /etc/pam.d/login ?
> b) why do I get a segmentation fault ?
>
> Thanks
> Dany
>
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to 
> "freebsd-questions-unsubscribe at freebsd.org"

More information about the freebsd-questions mailing list