Re: Putting OPIE to rest

From: grarpamp <grarpamp_at_gmail.com>
Date: Sun, 16 Oct 2022 17:51:37 UTC
On 9/15/22, Dag-Erling Smørgrav <des@des.no> wrote:
> Neither HOTP nor TOTP require dedicated devices.
> HOTP codes are sequential and can be pre-generated...

Those aren't really their intended or advertised usage models,
nor do common implementations support those modes.
Is FreeBSD contributing and supplying ones that do?
OPIE's model already intends for and supports no-device and printout.

To emphasize and extend...
https://lists.freebsd.org/archives/freebsd-current/2022-September/002573.html

It should also be noted that the affected scope here is not just 'FreeBSD users
logging into FreeBSD shell', there are also applications out there that compile
against and use FreeBSD's libopie, some of which are in ports some are not.

OPIE does not exist as a port+package, thus re POLA for users,
it should not be removed until such time as one is provided.

Where is discussion on these?

And why isn't every other 'old, outlived, non-hipster' PAM
authentication plugin being arbitrarily removed and non-portified,
such as say tacacs, radius, krb, rhosts, etc.?
And if those PAM modules are there, why then are hip OAUTH HOTP TOTP etc.
type things not added, lib-ified, etc.?