Re: Putting OPIE to rest
- In reply to: Dag-Erling_Smørgrav : "Re: Putting OPIE to rest"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 16 Oct 2022 17:51:37 UTC
On 9/15/22, Dag-Erling Smørgrav <des@des.no> wrote: > Neither HOTP nor TOTP require dedicated devices. > HOTP codes are sequential and can be pre-generated... Those aren't really their intended or advertised usage models, nor do common implementations support those modes. Is FreeBSD contributing and supplying ones that do? OPIE's model already intends for and supports no-device and printout. To emphasize and extend... https://lists.freebsd.org/archives/freebsd-current/2022-September/002573.html It should also be noted that the affected scope here is not just 'FreeBSD users logging into FreeBSD shell', there are also applications out there that compile against and use FreeBSD's libopie, some of which are in ports some are not. OPIE does not exist as a port+package, thus re POLA for users, it should not be removed until such time as one is provided. Where is discussion on these. And why isn't every other 'old, outlived, non-hipster' pam authentication plugin being arbitrarily removed and non-portified, such as say tacacs, radius, krb, rhosts, etc. And if those pam are there, why then are hip OAUTH HOTP TOTP etc type things not added, lib-ified, etc.