From nobody Sun Oct 02 01:38:13 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Mg66s6vcyz4d4BH; Sun, 2 Oct 2022 01:38:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Mg66s6gYZz3jVc; Sun, 2 Oct 2022 01:38:13 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1664674693; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3RHHbPwXOOggCsrTn4iJYiGYm2sYlgJMA8xYcRhsVb8=; b=erHWlVqpaGj2sNh9xydQA2xZPD1WN06GbHHE/Icf4CTxKFSntt/+L3P9AVjBfsfF2aPaH/ u66mHnSdWQP7tlhgMsQR4N+DMoNpLU3BBEKafVQO2NyGul8EOUmk2kFT8dsVUSXTDtRY+9 IJ0EAeSMqNXptPnoursS6e1G2yckbwYXICCZaRWWOpAmg1sAhocZrjZAGqeD4FF2QmAyX7 fCLDbqJXFxy84ZlS8yurlDDWZm8LeCJZv+TiOsB7ZQUug3lfaMIA9fqVJu/bJ43jSgc5Kw e+2/AJCWzaexVeJ4ayRjihjHTt7UGOYolndeQAdtw8QLBUjK6iv4kisvcakQIA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Mg66s5dNHzjLl; Sun, 2 Oct 2022 01:38:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2921cDaK045655; Sun, 2 Oct 2022 01:38:13 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2921cD8f045654; Sun, 2 Oct 2022 01:38:13 GMT (envelope-from git) Date: Sun, 2 Oct 2022 01:38:13 GMT Message-Id: <202210020138.2921cD8f045654@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: =?utf-8?Q?Dag-Erling=20Sm=C3=B8rgrav?= Subject: git: 0aa2700123e2 - main - Put OPIE to rest. List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: des X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 0aa2700123e22c2b0a977375e087dc2759b8e980 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1664674693; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3RHHbPwXOOggCsrTn4iJYiGYm2sYlgJMA8xYcRhsVb8=; b=r0i+kcr7Z91LaqkF4W4M4PaoCYHxt7/CTKyWqlH5KVDAciazekzvbcCNoOD93SYgkPKkQK LNQuiomuFl2wroc6Pff0gP6uEt0HPqDQF2I5bBwzilAKUpcxpZchhbvLbuxtohIsotjZg4 6ltDPTDpdG9BOJ3SHrrlLUhK0/Etf0FEpkKCnn1ETmqUmoY8jFFxUYGIAAGDfZvMF8DnWu 8L0fC2z1/A+fprOzHR4gIR2bHn4PJlAd/T5dIgaR8AN5kZ2AH4Sr1jBZl0LEkiUXmj7fxT XzG2MUZl35nlrLPlv7GCW6OlZiVABFlV0Xdp/1LNlBSfzvAsxoT2Pc3ZpjcBtQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1664674693; a=rsa-sha256; cv=none; b=JhdyRusSbMe1Xr0wdrs3OuD68sTAvVFHbT8Rw+Tg5ZwlW+kDoj+NTfEQE/kTTxwKKj+JOX hpfTkNzvTrWIaIWdrev1xCY7/mnTzOOjUvzCdmK1GA8IA/CG0GIajAB/8rU65jEPtgLX5m S6mh9dcDU9sAYybKKenHShZXX/jKmX5IopMHwwl6EqTwmQFC9MReasIlfx2WfkjET0GiIy hN5MCBdGLY0Z9P1RGmGv5uxamtercGj/JPGDDkaZMtfUbSbspGvzZ7I5ze10eFWsg4a4Uj V3Qvt5odrlP9305MtPd1MzhIc75X4xAYvXHWCSwW4ripgv0hrRtkZGh5nNWxTg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=0aa2700123e22c2b0a977375e087dc2759b8e980 commit 0aa2700123e22c2b0a977375e087dc2759b8e980 Author: Dag-Erling Smørgrav AuthorDate: 2022-10-02 01:37:29 +0000 Commit: Dag-Erling Smørgrav CommitDate: 2022-10-02 01:37:29 +0000 Put OPIE to rest. Differential Revision: https://reviews.freebsd.org/D36592 --- Makefile.inc1 | 4 +- ObsoleteFiles.inc | 30 + contrib/opie/BUG-REPORT | 85 - contrib/opie/COPYRIGHT.NRL | 68 - contrib/opie/INSTALL | 178 - contrib/opie/License.TIN | 45 - contrib/opie/Makefile.in | 327 -- contrib/opie/README | 508 -- contrib/opie/acconfig.h | 226 - contrib/opie/config.h.in | 450 -- contrib/opie/config.testeflag | 12 - contrib/opie/configure | 5247 -------------------- contrib/opie/configure.in | 562 --- contrib/opie/configure.munger.in | 16 - contrib/opie/ftpcmd.y | 1290 ----- contrib/opie/glob.c | 668 --- contrib/opie/install-sh | 238 - contrib/opie/libmissing/Makefile.in | 34 - contrib/opie/libmissing/bogus.c | 1 - contrib/opie/libmissing/endutent.c | 19 - contrib/opie/libmissing/getutline.c | 63 - contrib/opie/libmissing/pututline.c | 64 - contrib/opie/libmissing/setutent.c | 18 - contrib/opie/libopie/Makefile.in | 35 - contrib/opie/libopie/accessfile.c | 171 - contrib/opie/libopie/atob8.c | 76 - contrib/opie/libopie/btoa8.c | 34 - contrib/opie/libopie/btoe.c | 2267 --------- contrib/opie/libopie/btoh.c | 36 - contrib/opie/libopie/challenge.c | 79 - contrib/opie/libopie/generator.c | 398 -- contrib/opie/libopie/getsequence.c | 27 - contrib/opie/libopie/getutmpentry.c | 85 - contrib/opie/libopie/hash.c | 78 - contrib/opie/libopie/hashlen.c | 69 - contrib/opie/libopie/insecure.c | 172 - contrib/opie/libopie/keycrunch.c | 66 - contrib/opie/libopie/lock.c | 255 - contrib/opie/libopie/login.c | 124 - contrib/opie/libopie/logwtmp.c | 197 - contrib/opie/libopie/lookup.c | 31 - contrib/opie/libopie/md4c.c | 267 - contrib/opie/libopie/md5c.c | 304 -- contrib/opie/libopie/newseed.c | 96 - contrib/opie/libopie/open.c | 77 - contrib/opie/libopie/parsechallenge.c | 82 - contrib/opie/libopie/passcheck.c | 50 - contrib/opie/libopie/passwd.c | 76 - contrib/opie/libopie/randomchallenge.c | 50 - contrib/opie/libopie/readpass.c | 315 -- contrib/opie/libopie/readrec.c | 167 - contrib/opie/libopie/unlock.c | 103 - contrib/opie/libopie/verify.c | 222 - contrib/opie/libopie/version.c | 29 - contrib/opie/libopie/writerec.c | 89 - contrib/opie/opie.4 | 342 -- contrib/opie/opie.h | 179 - contrib/opie/opie_cfg.h | 184 - contrib/opie/opieaccess.5 | 92 - contrib/opie/opieauto.c | 386 -- contrib/opie/opieftpd.8 | 294 -- contrib/opie/opieftpd.c | 1715 ------- contrib/opie/opiegen.1 | 90 - contrib/opie/opiegen.c | 88 - contrib/opie/opieinfo.1 | 103 - contrib/opie/opieinfo.c | 105 - contrib/opie/opiekey.1 | 176 - contrib/opie/opiekey.c | 347 -- contrib/opie/opiekeys.5 | 72 - contrib/opie/opielogin.1 | 131 - contrib/opie/opielogin.c | 1458 ------ contrib/opie/opiepasswd.1 | 181 - contrib/opie/opiepasswd.c | 442 -- contrib/opie/opieserv.1 | 82 - contrib/opie/opieserv.c | 83 - contrib/opie/opiesu.1 | 101 - contrib/opie/opiesu.c | 512 -- contrib/opie/opietest.c | 310 -- contrib/opie/permsfile.c | 167 - contrib/opie/popen.c | 216 - contrib/telnet/telnet/telnet.1 | 4 - etc/mtree/BSD.var.dist | 2 - lib/Makefile | 4 +- lib/libopie/Makefile | 40 - lib/libopie/Makefile.depend | 18 - lib/libopie/config.h | 381 -- lib/libopie/opieaccess | 13 - lib/libopie/opieextra.c | 98 - lib/libpam/modules/modules.inc | 2 - lib/libpam/modules/pam_opie/Makefile | 36 - lib/libpam/modules/pam_opie/Makefile.depend | 19 - lib/libpam/modules/pam_opie/pam_opie.8 | 127 - lib/libpam/modules/pam_opie/pam_opie.c | 157 - lib/libpam/modules/pam_opieaccess/Makefile | 11 - lib/libpam/modules/pam_opieaccess/Makefile.depend | 18 - lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 | 146 - lib/libpam/modules/pam_opieaccess/pam_opieaccess.c | 97 - lib/libpam/pam.d/ftpd | 2 - lib/libpam/pam.d/other | 2 - lib/libpam/pam.d/sshd | 2 - lib/libpam/pam.d/system | 2 - lib/libpam/static_libpam/Makefile.depend | 2 - lib/libsysdecode/Makefile.depend | 1 - libexec/ftpd/Makefile | 5 +- libexec/ftpd/Makefile.depend | 1 - libexec/ftpd/ftpd.8 | 10 - libexec/ftpd/ftpd.c | 34 +- share/examples/etc/README.examples | 1 - share/mk/bsd.libnames.mk | 1 - share/mk/src.libnames.mk | 4 +- targets/pseudo/userland/lib/Makefile.depend | 3 - usr.bin/Makefile | 3 - usr.bin/opieinfo/Makefile | 21 - usr.bin/opieinfo/Makefile.depend | 19 - usr.bin/opiekey/Makefile | 23 - usr.bin/opiekey/Makefile.depend | 19 - usr.bin/opiepasswd/Makefile | 21 - usr.bin/opiepasswd/Makefile.depend | 19 - usr.sbin/pw/pw_user.c | 35 - usr.sbin/pw/tests/pw_userdel_test.sh | 2 - 120 files changed, 39 insertions(+), 25502 deletions(-) diff --git a/Makefile.inc1 b/Makefile.inc1 index 98cb357946f7..63e9b574eaaa 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1 @@ -2953,7 +2953,7 @@ _prebuild_libs= ${_kerberos5_lib_libasn1} \ lib/ncurses/tinfo \ lib/ncurses/ncurses \ lib/ncurses/form \ - lib/libopie lib/libpam/libpam lib/libthr \ + lib/libpam/libpam lib/libthr \ ${_lib_libradius} lib/libsbuf lib/libtacplus \ lib/libgeom \ ${_cddl_lib_libumem} ${_cddl_lib_libnvpair} \ @@ -3026,7 +3026,7 @@ _generic_libs+= ${_DIR} .endif .endfor -lib/libopie__L lib/libtacplus__L: lib/libmd__L +lib/libtacplus__L: lib/libmd__L .if ${MK_CDDL} != "no" _cddl_lib_libumem= cddl/lib/libumem diff --git a/ObsoleteFiles.inc b/ObsoleteFiles.inc index 0a0c6dfb044a..3d9e7d4c6dd4 100644 --- a/ObsoleteFiles.inc +++ b/ObsoleteFiles.inc @@ -52,6 +52,36 @@ # xargs -n1 | sort | uniq -d; # done +# 20221001: deorbit opie +OLD_FILES+=etc/opieaccess +OLD_FILES+=etc/opiekeys +OLD_FILES+=usr/bin/opieinfo +OLD_FILES+=usr/bin/opiekey +OLD_FILES+=usr/bin/opiepasswd +OLD_FILES+=usr/bin/otp-md4 +OLD_FILES+=usr/bin/otp-md5 +OLD_FILES+=usr/bin/otp-sha1 +OLD_FILES+=usr/lib/libopie.a +OLD_FILES+=usr/lib/libopie.so +OLD_LIBS+=usr/lib/libopie.so.8 +OLD_FILES+=usr/lib/libopie_p.a +OLD_FILES+=usr/bin/opieinfo +OLD_FILES+=usr/lib/pam_opie.so +OLD_LIBS+=usr/lib/pam_opie.so.6 +OLD_FILES+=usr/lib/pam_opieaccess.so +OLD_LIBS+=usr/lib/pam_opieaccess.so.6 +OLD_FILES+=usr/share/man/man1/opieinfo.1.gz +OLD_FILES+=usr/share/man/man1/opiekey.1.gz +OLD_FILES+=usr/share/man/man1/opiepasswd.1.gz +OLD_FILES+=usr/share/man/man1/otp-md4.1.gz +OLD_FILES+=usr/share/man/man1/otp-md5.1.gz +OLD_FILES+=usr/share/man/man1/otp-sha1.1.gz +OLD_FILES+=usr/share/man/man4/opie.4.gz +OLD_FILES+=usr/share/man/man5/opieaccess.5.gz +OLD_FILES+=usr/share/man/man5/opiekeys.5.gz +OLD_FILES+=usr/share/man/man8/pam_opie.8.gz +OLD_FILES+=usr/share/man/man8/pam_opieaccess.8.gz + # 20220928: telnetd(8) removed OLD_FILES+=etc/pam.d/telnetd OLD_FILES+=usr/libexec/telnetd diff --git a/contrib/opie/BUG-REPORT b/contrib/opie/BUG-REPORT deleted file mode 100644 index c772d2d504fe..000000000000 --- a/contrib/opie/BUG-REPORT +++ /dev/null @@ -1,85 +0,0 @@ -OPIE Software Distribution, Release 2.4 Bug Reporting Form -======================================= ================== - - Before submitting a bug report, please check the README file and make -sure that your "bug" is not a known problem. - - Please make a copy of this file and then edit it with your favorite -text editor (NOT a word processor; the end result needs to be reasonable ASCII -text) to include the answers to the following questions: - -1. Your name and electronic mail address, in case we need more information. - If you can provide multiple addresses, please do so in case we - are unable to reply to the first one. - -2. Your exact operating system vendor, name, and version number. If available, - please provide the output of "uname -a" and/or the version of your C - runtime library. Please be more specific than "UNIX". - -3. The exact hardware the system was installed upon. - -4. Which compiler and C runtime you used and its version number. - For instance, some systems have been known to have the GNU libc - installed as well as its native one, or to have a "BSD - compatibility" environment. - -5. What version of OPIE you are using (the output of opiepasswd -v) and, - if you used the Autoconf install, a copy of the config.h, config.log, - and Makefile that Autoconf created. - -6. A clear description of what you did and what bug then appeared. - If your system has the script(1) command, please run a session - under that to demonstrate the bug. Window-system cut-and-paste - also works well. Sometimes, the exact output is critical to - finding the bug. - -If you can provide any of the following things, it will greatly assist -us in fixing the problem and improve the chances that we'll get back to you: - -7. A diagnosis of what is causing the problem. - -8. A test case that can repeatably demonstrate the problem. - -9. A fix for the problem. - - Bug reports should be sent by Internet electronic mail to -. This mail is run through an automated sorter that helps -get the bug report into the hands of someone who can help you. In order to -make that program work, we ask that you: - - * Send this is normal RFC822 plain text or MIME text/plain. - - * DO NOT send this or any other file as an "attachment" from - your mailer. - - * DO NOT send a copy of your bug report to ANYONE other than - . This includes listing more than one recipient - or sending it as a carbon-copy ("Cc:") to someone else. - - * DO NOT send a copy of your bug report directly to the - authors or to any mailing lists. This really makes the - authors angry, and will be interpreted as a request to not - provide you with any help. - - * DO NOT re-send bug reports because you didn't receive a - response. We attempt to respond to ALL properly submitted - bug reports. If we can't send mail back to you or you - didn't bother to follow the directions for submitting a - bug report, you won't receive a response. - - While OPIE is NOT a supported program, we generally try to respond -to all properly submitted bug reports as soon as we can. If your bug report -is properly submitted so our machine sorter can process it, this usually -takes one working day. If our machine sorter can't process your bug report, -it usually takes a week or two. - -Copyright -========= - -%%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights -Reserved. The Inner Net License Version 2 applies to these portions of -the software. -You should have received a copy of the license with this software. If -you didn't get a copy, you may request one from . - diff --git a/contrib/opie/COPYRIGHT.NRL b/contrib/opie/COPYRIGHT.NRL deleted file mode 100644 index cfbffc348760..000000000000 --- a/contrib/opie/COPYRIGHT.NRL +++ /dev/null @@ -1,68 +0,0 @@ -# @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 - -COPYRIGHT NOTICE - -All of the documentation and software included in this software -distribution from the US Naval Research Laboratory (NRL) are -copyrighted by their respective developers. - -Portions of the software are derived from the Net/2 and 4.4 Berkeley -Software Distributions (BSD) of the University of California at -Berkeley and those portions are copyright by The Regents of the -University of California. All Rights Reserved. The UC Berkeley -Copyright and License agreement is binding on those portions of the -software. In all cases, the NRL developers have retained the original -UC Berkeley copyright and license notices in the respective files in -accordance with the UC Berkeley copyrights and license. - -Portions of this software and documentation were developed at NRL by -various people. Those developers have each copyrighted the portions -that they developed at NRL and have assigned All Rights for those -portions to NRL. Outside the USA, NRL has copyright on some of the -software developed at NRL. The affected files all contain specific -copyright notices and those notices must be retained in any derived -work. - -NRL LICENSE - -NRL grants permission for redistribution and use in source and binary -forms, with or without modification, of the software and documentation -created at NRL provided that the following conditions are met: - -1. All terms of the UC Berkeley copyright and license must be followed. -2. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -3. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -4. All advertising materials mentioning features or use of this software - must display the following acknowledgements: - - This product includes software developed by the University of - California, Berkeley and its contributors. - - This product includes software developed at the Information - Technology Division, US Naval Research Laboratory. - -5. Neither the name of the NRL nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS -IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED -TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A -PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR -CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -The views and conclusions contained in the software and documentation -are those of the authors and should not be interpreted as representing -official policies, either expressed or implied, of the US Naval -Research Laboratory (NRL). - ----------------------------------------------------------------------- diff --git a/contrib/opie/INSTALL b/contrib/opie/INSTALL deleted file mode 100644 index db23f84a2b76..000000000000 --- a/contrib/opie/INSTALL +++ /dev/null @@ -1,178 +0,0 @@ -OPIE Software Distribution, Release 2.4 Installation Instructions -======================================= ========================= - - Did you read the README file? - - If not, please go do so, then come back here. There is information in -the README file that you will probably need to know in order to build and use -OPIE, and you are better off doing it before you try to compile and install -it. - - OPIE uses Autoconf to automagically figure out as much as possible -about your system. There are four steps to installing OPIE. Please read them -all first before attempting to do them. - -1. Run the "configure" script. - - Normally, you will need to type: - - sh configure - - If you would like to use an access file to allow users from some hosts -to log into your system without using OTPs (thus opening up a big security -hole, but a necessary evil for some sites), type: - - sh configure --enable-access-file=/etc/opieaccess - - If you'd like the file to go somewhere else, adjust this appropriately. - - There are a number of configure-time options available for OPIE. You -probably don't want to change the defaults. To get a complete listing of the -currently available options, type: - - sh configure --help - - Some options that may be of interest are: - - --enable-access-file=FILENAME: Enable the OPIE access file FILENAME - The OPIE access file provides a system administrator with the ability - to make the use of OTP optional for certain hosts. Note that individual - users can create a file named ".opiealways" in their home directory to - require that OTP be used to access to their account. Note also that the - access file is based on addresses, but many of the clients that use it - are only given hostnames. This opens this entire scheme up to DNS - spoofing attacks, which is a major security problem. ALWAYS use a - package such as tcp_wrappers configured to do paranoid checking on DNS - information if you enable this option (it's good practice anyway). - - --enable-server-md4: Use MD4 instead of MD5 for the server - The old S/Key package used MD4 instead of MD5. MD4 is believed to be - less secure than MD5. Use this option only for compatibility with old - key files. - - --disable-user-locking: Disable user locking - OPIE only allows one session at a time to attempt to authenticate a - principal; this prevents a possible race attack on OTP. This locking - mechanism can cause problems in some applications, in which case you - might want to disable the locking. This option also provides a work- - around if the locking code doesn't work reliably on your system. - - --enable-user-locking[=DIR]: Put user lock files in DIR [/etc/opielocks] - The OPIE lock files need to be put in an isolated directory that is - only accessable by the super-user and has a parent directory that is - only writable by the super-user. If you are trying to use OPIE with - the key file shared by NFS, you need to make the lock directory - shared too. (But you read the README file, so you knew this) - - --enable-retype: Ask users to re-type their secret pass phrases - On the one hand, this helps prevent users from having to go generate - an OTP, type it into a remote system, and then found out they - mistyped. On the other hand, it's annoying. If this is enabled, users - can simply hit return at the second prompt and the generator will skip - the retype check, which allows users who don't like the retype check - to mostly skip it. - - --enable-su-star-check: Refuse to switch to disabled accounts - On many systems, an asterisk means one thing and one thing only: this - account is never meant for human users. Therefore, it doesn't make - much sense for anyone other than an attacker to try to su to that - account. Enabling this check causes su to refuse to switch to - accounts with an asterisk in their password field. While probably - better for security, this is not compatible with traditional *IX su - behavior, so it is disabled by default - - --disable-new-prompts: Use more compatible (but less informative) prompts - OPIE uses login prompts that tell you exactly what kind of response - (an OTP response and/or a cleartext password) it expects you to give. - This can break automatic login scripts that look for 'Password:' as - the prompt for the password. If you have users that use such scripts, - you might want to disable the more informative responses so as not to - break those scripts. - - --enable-insecure-override: Allow users to override insecure checks - While OPIE cannot determine whether or not a session is secure, it can - check for fairly common signs that it isn't secure. If it believes the - session is insecure, some programs like opiekey will refuse to run - because they prompt the user to send a secret pass phrase. Sometimes - these checks declare a session insecure when it is, and sometimes the - user wants to continue anyway even if the session is insecure. If this - option is enabled, many commands gain a '-f' option to force them to - operate even if OPIE thinks the session is insecure. - - --enable-anonymous-ftp Enable anonymous FTP support - By default, the OPIE FTP daemon does not support anonymous FTP - service. The FTP daemon contains many security related bug fixes - relative to the original source, but bugs probably remain. It was not - intended to be used for anonymous FTP, where it is more open to the - commands of potentially hostile users. If you enable this option, it - will once again support anonymous FTP, but it probably isn't secure - when that way. - - --disable-utmp Disable utmp logging - --disable-wtmp Disable wtmp logging - On some systems, logging to the utmp and/or wtmp files is just a lost - cause. If this is the case on your system, you might be better off - not having OPIE even try. - - --enable-opieauto Enable support for opieauto - opieauto is a facility that caches an intermediate result of the OTP - generator so that a user-selected number of OTPs can be generated on - demand for each time the user types in the secret pass phrase. This - is great for user convenience, as typing a twenty or thirty character - secret pass phrase can be annoying. It can also be a minor security - hole (see the README for details). - -2. Edit the Makefile - - The Makefile contains some options that you may wish to modify. Also -verify that Autoconf chose the correct options for your system. - - The Makefile created by Autoconf should be correct for most users -as-is. - -3. Build OPIE - - Normally, you will need to type: - - make - - If you only want to build the client programs, type: - - make client - - If you only want to build the server programs, type: - - make server - -4. Verify that OPIE works on your system and install - - Normall, you will need to type: - - make install - - If you only want to install the client programs, type: - - make client-install - - If you only want to install the server programs, type: - - make server-install - - If you encounter any problems, you may be able to run "make uninstall" -to remove the OPIE software from your system and revert back to almost the -way things were before. - -Copyright -========= - -%%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights -Reserved. The Inner Net License Version 2 applies to these portions of -the software. -You should have received a copy of the license with this software. If -you didn't get a copy, you may request one from . - -Portions of this document are Copyright 1995 by Randall Atkinson and Dan -McDonald, All Rights Reserved. All Rights under this copyright are assigned -to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and -License Agreement applies to this software. diff --git a/contrib/opie/License.TIN b/contrib/opie/License.TIN deleted file mode 100644 index 0ec9d214e272..000000000000 --- a/contrib/opie/License.TIN +++ /dev/null @@ -1,45 +0,0 @@ -The Inner Net License, Version 2 -================================ - - The author(s) grant permission for redistribution and use in source and -binary forms, with or without modification, of the software and documentation -provided that the following conditions are met: - -0. If you receive a version of the software that is specifically labelled - as not being for redistribution (check the version message and/or README), - you are not permitted to redistribute that version of the software in any - way or form. -1. All terms of the all other applicable copyrights and licenses must be - followed. -2. Redistributions of source code must retain the authors' copyright - notice(s), this list of conditions, and the following disclaimer. -3. Redistributions in binary form must reproduce the authors' copyright - notice(s), this list of conditions, and the following disclaimer in the - documentation and/or other materials provided with the distribution. -4. All advertising materials mentioning features or use of this software - must display the following acknowledgement with the name(s) of the - authors as specified in the copyright notice(s) substituted where - indicated: - - This product includes software developed by , The Inner - Net, and other contributors. - -5. Neither the name(s) of the author(s) nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY ITS AUTHORS AND CONTRIBUTORS ``AS IS'' AND ANY -EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - Please distribute a copy of this license with the software and make it -reasonably easy for others to find. - - If these license terms cause you a real problem, contact the author. diff --git a/contrib/opie/Makefile.in b/contrib/opie/Makefile.in deleted file mode 100644 index 77e0fc3b1bb1..000000000000 --- a/contrib/opie/Makefile.in +++ /dev/null @@ -1,327 +0,0 @@ -## -# Makefile.source and Makefile: Directions for building and installing OPIE. -# -# %%% portions-copyright-cmetz-96 -# Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights -# Reserved. The Inner Net License Version 2 applies to these portions of -# the software. -# You should have received a copy of the license with this software. If -# you didn't get a copy, you may request one from . -# -# Portions of this software are Copyright 1995 by Randall Atkinson and Dan -# McDonald, All Rights Reserved. All Rights under this copyright are assigned -# to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and -# License Agreement applies to this software. -# -# History: -# -# Modified by cmetz for OPIE 2.4. Add libmissing to include header path. -# Renamed realclean to distclean. Added opieauto rules. Made -# system program install more tolerant of non-existent files. -# Modified by cmetz for OPIE 2.31. Moved logwtmp.o into libopie. -# Modified by cmetz for OPIE 2.3. Removed manual config -- it's -# Autoconf or bust. Replaced user configuration options -# with options.h. Eliminated unused variables. Pass down -# $(DEBUG) instead of several other variables to the -# subdirs. Extended/standard key file support. Added -# dependencies on subdir files. Made opietest call silent. -# Removed opie-md4, opie-md5, and key aliases. Removed -# test target. Make uninstall remove man page aliases. -# Modified by cmetz for OPIE 2.22. Removed @LIBOBJS@ from MISSING for -# Autoconf target. Re-ordered LFLAGS because some ld's won't -# include libmissing properly if it's not at the end. -# Modified by cmetz for OPIE 2.21. Added getusershell.o to IRIX -# missing functions. -# Modified by cmetz for OPIE 2.2. Added NEW_PROMPTS definition. -# Added MISSING and new flags-passing for libmissing. -# Quote MISSING or lose. Update TEST target for FTPD -# variable. Removed line formatting for compile commands -# since macro expansion confuses the issue anyway. -# Added targets for opieserv. Added targets for opietest. -# Removed obselete options.h target. Swapped libmissing -# and libopie. Updated manual config options. Added more -# explanatory text. Fixed uses of old SYSV and BSD4_3 -# symbols. -# Modified at NRL for OPIE 2.2: Renamed LDFLAGS setting to LIBS, -# renamed LDFLAGS in targets to LFLAGS. Added targets for -# libopie and libmissing directories. Got rid of PROTOTYPES. -# Added opiegen. Fixed RANLIB Autoconf target. -# Modified at NRL for OPIE 2.11: Fixed fatal mistype of Autoconf. -# Modified at NRL for OPIE 2.1: Changed targets to reflect source -# file name changes. Changed explanation and flags for static -# linking. Changed opieinfo target. Removed WHOAMI. Added -# Autoconf targets. Changed if conditionals to use test -# instead of [. Changed SU_DIR to SU to help autoconf. -# Changed FTPDIR and FTPDNAME to FTPD to help autoconf. -# Changed HP-UX to HP-UX9 and HP-UX10. Make uninstall -# target depend on config. HPUX *is* no longer necessary, but -# something does have to be there. Sub in Autoconf @CC@. -# Modified at NRL for OPIE 2.04: Re-worded explanation of SU_STAR_CHECK. -# Modified at NRL for OPIE 2.02: Added SU_STAR_CHECK flag. -# Modified at NRL for OPIE 2.01: Test target makes opiesu and opielogin -# setuid. install target clears that. uninstall target needs to -# remove the opiekey symlinks. opieinfo target needs to -# substitute for $(EXISTS). ifdefs target needs to check for -# starting hash. $(LFLAGS) and -o should be at the end of all -# link commands to spoon-feed drain bamaged link editors. Added -# A/UX defaults. -# Modified heavily at NRL for OPIE 2.0. -# Written at Bellcore for the S/Key Version 1 software distribution -# (Makefile). - -#============================================================================ -# CONFIGURATION PARAMETERS -- CHANGE THESE TO SUIT YOUR MACHINE - -# Shell to use for make(1) -# It's usually a good idea to leave this as-is. On some systems, ksh or bash -# may be necessary -SHELL=/bin/sh - -# OWNER is the username who should own the OPIE binaries. -# GROUP is the groupname associated with the OPIE binaries. -# -OWNER=0 -GROUP=bin - -# Where should the OPIE standard and extended databases be stored? -# -# Some sites might want to put this elsewhere. If you want to use an old -# S/Key database, you should create a link from /etc/skeykeys to /etc/opiekeys. -KEY_FILE=/etc/opiekeys - -# Are we debugging? -# -# The first line will build a normal version of OPIE. You should use it. -# -# The second is for brave souls porting OPIE to a new system or trying to -# debug it and should definitely NOT be used to build a production copy -# of OPIE. -# -# The third is the above using nifty heap debugger called "Electric Fence". -DEBUG=-O -#DEBUG=-DDEBUG=1 -g -#DEBUG=-DDEBUG=1 -g -lefence - -# These parameters are determined by Autoconf and are probably correct. -# If OPIE doesn't build or work right, try tweaking these. -CC=@CC@ -YACC=@YACC@ -FTPD=@FTPD@ -LIBS=@LIBS@ -OPTIONS=@DEFS@ -EXISTS=@EXISTS@ -MKDIR=@MKDIR@ -CHOWN=@CHOWN@ -LOCALBIN=@LOCALBIN@ -LOCALMAN=@LOCALMAN@ -SU=@SU@ -ALT_SU=@ALT_SU@ -LOGIN=@LOGIN@ -LOCK_DIR=@LOCK_DIR@ -OPIEAUTO=@OPIEAUTO@ - -BACKUP=opie.old - -CFLAGS=$(DEBUG) -Ilibmissing - -LFLAGS=-Llibopie -Llibmissing -lopie $(LIBS) -lmissing -lopie -LDEPS=libmissing/libmissing.a libopie/libopie.a - -all: client server - -ifdefs: - egrep '^#*if*def' *.c *.h | cut -f2 -d: | sort | uniq - -client: libopie/libopie.a libmissing/libmissing.a opietest-passed opiekey opiegen $(OPIEAUTO) - -client-install: client - @echo "Installing OPIE client software..." - @echo "Copying OPIE key-related files" - @if test ! -d $(LOCALBIN); then $(MKDIR) $(LOCALBIN); chmod 755 $(LOCALBIN); fi - @cp opiekey $(OPIEAUTO) $(LOCALBIN) - @$(CHOWN) $(OWNER) $(LOCALBIN)/opiekey - @if test ! -z "$(OPIEAUTO)"; then $(CHOWN) $(OWNER) $(LOCALBIN)/opieauto; fi - @chgrp $(GROUP) $(LOCALBIN)/opiekey - @echo "Changing file permissions" - @chmod 0511 $(LOCALBIN)/opiekey - @if test ! -z "$(OPIEAUTO)"; then chmod 0511 $(LOCALBIN)/opieauto; fi - @echo "Symlinking aliases to opiekey" - @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md4 - @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md5 - @echo "Installing manual pages" - @-for i in otp-md4 otp-md5; do ln -s opiekey.1 $(LOCALMAN)/man1/$$i.1; done - @if test ! -d $(LOCALMAN)/man1; then $(MKDIR) $(LOCALMAN)/man1; chmod 755 $(LOCALMAN)/man1; fi; cp opiekey.1 $(LOCALMAN)/man1/opiekey.1; $(CHOWN) $(OWNER) $(LOCALMAN)/man1/opiekey.1; chgrp $(GROUP) $(LOCALMAN)/man1/opiekey.1; chmod 644 $(LOCALMAN)/man1/opiekey.1 - -server: libopie/libopie.a libmissing/libmissing.a opietest-passed opielogin opiesu opiepasswd opieinfo opieftpd opieserv - -server-install: server - @echo "Installing OPIE server software..." - @echo "Copying OPIE user programs" - @if test ! -d $(LOCALBIN); then $(MKDIR) $(LOCALBIN); chmod 755 $(LOCALBIN); fi - @cp opiepasswd opieinfo $(LOCALBIN) - @echo "Changing ownership" - @$(CHOWN) $(OWNER) $(LOCALBIN)/opiepasswd $(LOCALBIN)/opieinfo - @chgrp $(GROUP) $(LOCALBIN)/opiepasswd $(LOCALBIN)/opieinfo - @echo "Changing file permissions" - @chmod 0555 $(LOCALBIN)/opieinfo - @chmod 4511 $(LOCALBIN)/opiepasswd - @echo "Installing OPIE system programs..." - @if test ! -z $(LOGIN); \ - then \ - if test ! $(EXISTS) $(LOGIN).$(BACKUP); \ - then \ - echo "Renaming existing $(LOGIN) to $(LOGIN).$(BACKUP)"; \ - mv $(LOGIN) $(LOGIN).$(BACKUP); \ - echo "Clearing permissions on $(LOGIN)"; \ - chmod 0 $(LOGIN).$(BACKUP); \ - fi; \ - echo "Copying OPIE login to $(LOGIN)"; \ - cp opielogin $(LOGIN); \ - echo "Changing ownership of $(LOGIN)"; \ - $(CHOWN) $(OWNER) $(LOGIN); \ - chgrp $(GROUP) $(LOGIN); \ - echo "Changing file permissions of $(LOGIN)"; \ - chmod 4111 $(LOGIN); \ - fi - @if test ! -z $(SU); \ - then \ - if test ! $(EXISTS) $(SU).$(BACKUP); \ - then \ - echo "Renaming existing $(SU) to $(SU).$(BACKUP)"; \ - mv $(SU) $(SU).$(BACKUP); \ - echo "Clearing permissions on $(SU)"; \ - chmod 0 $(SU).$(BACKUP); \ - fi; \ - echo "Copying OPIE su to $(SU)"; \ - cp opiesu $(SU); \ - echo "Changing ownership of $(SU)"; \ - $(CHOWN) $(OWNER) $(SU); \ - chgrp $(GROUP) $(SU); \ - echo "Changing file permissions of $(SU)"; \ - chmod 4111 $(SU); \ - fi - @if test ! -z $(ALT_SU); \ - then \ - if test ! $(EXISTS) $(ALT_SU).$(BACKUP); \ - then \ - echo "Renaming existing $(ALT_SU) to $(ALT_SU).$(BACKUP)"; \ - mv $(ALT_SU) $(ALT_SU).$(BACKUP); \ - echo "Clearing permissions on $(ALT_SU)"; \ - chmod 0 $(ALT_SU).$(BACKUP); \ - fi; \ - echo "Copying OPIE su to $(ALT_SU)"; \ - cp opiesu $(ALT_SU); \ - echo "Changing ownership of $(ALT_SU)"; \ - $(CHOWN) $(OWNER) $(ALT_SU); \ - chgrp $(GROUP) $(ALT_SU); \ - echo "Changing file permissions of $(ALT_SU)"; \ - chmod 4111 $(ALT_SU); \ - fi - @if test ! -z $(FTPD); \ - then \ - if test ! $(EXISTS) $(FTPD).$(BACKUP); \ - then \ - echo "Renaming existing $(FTPD) to $(FTPD).$(BACKUP)"; \ - mv $(FTPD) $(FTPD).$(BACKUP); \ - echo "Clearing permissions on $(FTPD).$(BACKUP)"; \ - chmod 0 $(FTPD).$(BACKUP); \ - fi; \ - echo "Copying OPIE ftp daemon to $(FTPD)"; \ - cp opieftpd $(FTPD); \ - echo "Changing ownership of $(FTPD)"; \ - $(CHOWN) $(OWNER) $(FTPD); \ - chgrp $(GROUP) $(FTPD); \ - echo "Changing file permissions of $(FTPD)"; \ - chmod 0100 $(FTPD); \ - fi - @echo "Making sure OPIE database file exists"; - @touch $(KEY_FILE) - @echo "Changing permissions of OPIE database file" - @chmod 0644 $(KEY_FILE) - @echo "Changing ownership of OPIE database file" - @$(CHOWN) $(OWNER) $(KEY_FILE) - @chgrp $(GROUP) $(KEY_FILE) - @-if test ! -z "$(LOCK_DIR)"; then echo "Creating OPIE lock directory"; mkdir $(LOCK_DIR); $(CHOWN) 0 $(LOCK_DIR); chgrp 0 $(LOCK_DIR); chmod 0700 $(LOCK_DIR); fi; - @-if test ! -z "$(ACCESS_FILE)"; then echo "Creating OPIE access file (don't say we didn't warn you)"; touch $(ACCESS_FILE); $(CHOWN) 0 $(ACCESS_FILE); chgrp 0 $(ACCESS_FILE); chmod 0444 $(ACCESS_FILE); fi; - @echo "Installing manual pages" - @if test ! -d $(LOCALMAN); then $(MKDIR) $(LOCALMAN); chmod 755 $(LOCALMAN); fi - @for i in 1 4 5 8; do for j in *.$$i; do if test ! -d $(LOCALMAN)/man$$i; then $(MKDIR) $(LOCALMAN)/man$$i; chmod 755 $(LOCALMAN)/man$$i; fi; cp $$j $(LOCALMAN)/man$$i/$$j; $(CHOWN) $(OWNER) $(LOCALMAN)/man$$i/$$j; chgrp $(GROUP) $(LOCALMAN)/man$$i/$$j; chmod 644 $(LOCALMAN)/man$$i/$$j; done; done - @echo "REMEMBER to run opiepasswd on your users immediately." - -install: client-install server-install - -uninstall: - @echo "Un-installing OPIE..." - @echo "Removing symlinks" - @-for i in otp-md4 otp-md5; do rm $(LOCALBIN)/$$i; done - @echo "Removing OPIE programs" - @-for i in opiekey opiepasswd opieinfo; do rm $(LOCALBIN)/$$i; done - @echo "Removing OPIE manual pages" - @-for i in 1 4 5 8; do for j in *.$$i; do rm $(LOCALMAN)/man$$i/$$j; done; done - @-rm $(LOCALMAN)/man1/otp-md4.1 $(LOCALMAN)/man1/otp-md5.1 - @echo "Restoring old binaries" - @-for i in $(SU) $(ALT_SU) $(LOGIN) $(FTPD); do FILE=`basename $$i`; if test ! $(EXISTS) $$i.$(BACKUP); then echo "No $$i.$(BACKUP)! Aborting."; exit 1; else echo "Removing $$FILE"; rm $$i || true; echo "Restoring old $$FILE"; mv $$i.$(BACKUP) $$i; fi; done - @echo "Resetting permissions" - @chmod 4111 $(SU) $(LOGIN) - @chmod 0100 $(FTPD) - @if test ! -z "$(ALT_SU)"; then chmod 4111 $(ALT_SU); fi - @echo "OPIE is now un-installed." - @echo "Please verify by hand that this process worked." - -opietest-passed: opietest - -./opietest && touch opietest-passed - -libopie/libopie.a: libopie/*.c *.h - (cd libopie ; $(MAKE) libopie.a CFL='$(CFLAGS) -DKEY_FILE=\"$(KEY_FILE)\"') - -libmissing/libmissing.a: libmissing/*.c - (cd libmissing ; $(MAKE) libmissing.a CFL='$(CFLAGS)') - -clean: - -rm -f *.o opiekey opiegen opielogin opiepasswd opiesu opieftpd - -rm -f opieserv opieinfo opietest opieauto *core* opietest-passed - -rm -f Makefile.munge configure.munger y.tab.c .gdb* - (cd libopie ; $(MAKE) clean) - (cd libmissing ; $(MAKE) clean) - -realclean: distclean - -distclean: clean - -rm -f *~ core* "\#*\#" Makefile make.log - -rm -f config.log config.status config.cache config.h - (cd libopie ; $(MAKE) distclean) - (cd libmissing ; $(MAKE) distclean) - -opiekey: opiekey.o $(LDEPS) - $(CC) $(CFLAGS) opiekey.o $(LFLAGS) -o opiekey - -opiegen: opiegen.o $(LDEPS) - $(CC) $(CFLAGS) opiegen.o $(LFLAGS) -o opiegen - -opieserv: opieserv.o $(LDEPS) - $(CC) $(CFLAGS) opieserv.o $(LFLAGS) -o opieserv - -opieftpd: opieftpd.o glob.o popen.o y.tab.o $(LDEPS) - $(CC) $(CFLAGS) opieftpd.o glob.o popen.o y.tab.o $(LFLAGS) -o opieftpd - -opielogin: opielogin.o permsfile.o $(LDEPS) - $(CC) $(CFLAGS) opielogin.o permsfile.o $(LFLAGS) -o opielogin - -opiepasswd: opiepasswd.o $(LDEPS) - $(CC) $(CFLAGS) opiepasswd.o $(LFLAGS) -o opiepasswd - -opiesu: opiesu.o $(LDEPS) - $(CC) $(CFLAGS) opiesu.o $(LFLAGS) -o opiesu - -y.tab.c: ftpcmd.y - $(YACC) ftpcmd.y - -opieinfo: opieinfo.o $(LDEPS) - $(CC) $(CFLAGS) opieinfo.o $(LFLAGS) -o opieinfo - -opietest: opietest.o $(LDEPS) - $(CC) $(CFLAGS) opietest.o $(LFLAGS) -o opietest - -opieauto: opieauto.o $(LDEPS) - $(CC) $(CFLAGS) opieauto.o $(LFLAGS) -o opieauto - diff --git a/contrib/opie/README b/contrib/opie/README deleted file mode 100644 index a89e168adadb..000000000000 --- a/contrib/opie/README +++ /dev/null @@ -1,508 +0,0 @@ -OPIE Software Distribution, Release 2.4 Important Information -======================================= ===================== - -Introduction -============ - - "One-time Passwords In Everything" (OPIE) is a freely distributable -software package originally developed at and for the US Naval Research -Laboratory (NRL). Recent versions are the result of a cooperative effort -between of NRL, several of the original NRL authors, The Inner Net, and many -other contributors from the Internet community. - - OPIE is an implementation of the One-Time Password (OTP) System that -is being considered for the Internet standards-track. OPIE provides a one-time -password system. The system should be secure against the passive attacks -now commonplace on the Internet (see RFC 1704 for more details). The system -is vulnerable to active dictionary attacks, though these are not widespread -at present and can be detected through proper use of system audit -software. - - OPIE is primarily written for UNIX-like operating systems, but -we are working to make applicable portions portable to other operating systems. -The OPIE software is derived in part from and is fully interoperable with the -Bell Communications Research (Bellcore) S/Key Release 1 software. Because -Bellcore claims "S/Key" as a trademark for their software, NRL was forced to -use a different name (we picked "OPIE") for this software distribution. - - OPIE includes the following additions/modifications to the -original Bellcore S/Key(tm) Version 1 software: - -* Just about three command installation (unpack the software, run the - configure script, and run make install). While we still recommend that you - follow instructions and test things by hand, the more adventurous can - install OPIE quickly. - -* A modified BSD FTP daemon that does OTP. - -* A version of su that uses OTP by default. - -* MD5 support. MD5 is now the default algorithm, though MD4 is still supported - by changing a parameter in the Makefile. This change was made because MD5 is - widely believed to be cryptographically stronger than MD4 (see RFC 1321). - -* A more portable version of MD4 has been substituted for the original MD4. - This should solve the endian problems that were in S/Key. - -* Most of the system-dependencies have been moved to a new file "opie_cfg.h". - -* Configuration options have been moved to the Makefile. *** 25609 LINES SKIPPED ***