Segmentation fault on OPIE when sequence number <0
Dany
dany_list at natzo.com
Mon Jan 19 19:36:52 PST 2004
In order to allow my user to login using his regular Unix password I had
to remove the file /etc/opiekeys
I've tried the same opiepasswd thing on a Debian box and when the s/key
expired (sequence # = 0), I just pressed enter in order to get the
Password prompt for the Unix password.
Just for information heres is my /etc/pam.d/login (stock from 5.2R
install) :
auth required pam_nologin.so no_warn
auth sufficient pam_self.so no_warn
auth include system
account requisite pam_securetty.so
account include system
session include system
password include system
How did I get the OPIE running in the first place without any
modification of this file ?
On the debian one I had to add "auth sufficient pam_opie.so" and "auth
required pam_deny.so".
Dany
Dany wrote:
> Playing around with OPIE I used the following command on a 5.2R
> (hopefully I still have my root working) :
>
> 1) from the user account :
> #opiepasswd -c -n 2
> I put 2 for the initial sequence number just to see what would happen
> to the user when he reaches 0
>
> Entered my passphrase, got the seed and got the first response.
>
> 2) I didn't touch the /etc/pam.d/login but noticed that it didn't
> contain any reference to opie (/etc/pam.d/ssh does have some).
>
> 3) After exiting the current session, I got :
> login : alpha
> otp-md5 2 he201
> Password:
>
> I think I tried my regular Unix password first and it worked. I logged
> out and this time I used the response computed by my external s/key
> calculator. It worked well and I was logged in... nice !
>
> 4) So I repeated that process until I reached 0.
>
> 5) Now this is what I get :
> login: alpha
> otp-md5 -1 (null) ext
> Password:
>
> I now my s/key password has expired so I put in my Unix password and
> received a nice :
>
> FreeBSD/i386 (local) (ttyv0)
> login: Jan 19 22:08:25 local kernel: pid 613 (login), uid 0:exited on
> signal 11 (core dumped)
>
> 6) I though it was some kind of security mecanism so I logged back on
> my root account.
>
> 7) Trying to disable OPIE login for alpha using the following command :
> #opiepasswd -d alpha
> Updating alpha:
> Segmentation fault (core dumped)
> local# Jan 19 22:10:06 local kernel: pid 627 (opiepasswd), uid 0:
> exited on signal 11 (core dumped)
>
> I also tried opipasswd -c alpha to recreate OPIE keys for alpha but I
> received the same segmentation fault.
>
> a) how did OPIE worked in the first place with no mention to it in
> /etc/pam.d/login ?
> b) why do I get a segmentation fault ?
>
> Thanks
> Dany
>
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list