Segmentation fault on OPIE when sequence number <0

Dany Nativel dany_list at natzo.com
Fri Jan 23 06:48:18 PST 2004


I've posted my s/key issue on this mailing list, BSD forums and also 
submitted a bug report to FBSD... no response so far or any advice on 
how to debug the problem.

I'd like to switch my Debian-based file server to FreeBSD but this issue 
on s/key is annoying.

Any comments are welcome.
Thanks
Dany

Dany wrote:

> In order to allow my user to login using his regular Unix password I 
> had to remove the file /etc/opiekeys
>
> I've tried the same opiepasswd thing on a Debian box and when the 
> s/key expired (sequence #  = 0), I just pressed enter in order to get 
> the Password prompt for the Unix password.
>
> Just for information here is my /etc/pam.d/login (stock from 5.2R 
> install)  :
> auth required pam_nologin.so  no_warn
> auth sufficient pam_self.so no_warn
> auth include system
>
> account requisite pam_securetty.so
> account include system
>
> session include system
>
> password include system
>
> How did I get the OPIE running in the first place without any 
> modification of this file ?
>
> On the Debian one I had to add "auth sufficient pam_opie.so" and "auth 
> required pam_deny.so".
>
> Dany
>
> Dany wrote:
>
>> Playing around with OPIE I used the following command on a 5.2R 
>> (hopefully I still have my root working) :
>>
>> 1) from the user account :
>> #opiepasswd -c -n 2
>> I put 2 for the initial sequence number just to see what would happen 
>> to the user when he reaches 0
>>
>> Entered my passphrase, got the seed and got the first response.
>>
>> 2) I didn't touch the /etc/pam.d/login but noticed that it didn't 
>> contain any reference to opie (/etc/pam.d/ssh does have some).
>>
>> 3) After exiting the current session, I got :
>> login : alpha
>> otp-md5 2 he201
>> Password:
>>
>> I think I tried my regular Unix password first and it worked. I 
>> logged out and this time I used the response computed by my external 
>> s/key calculator. It worked well and I was logged in... nice !
>>
>> 4) So I repeated that process until I reached 0.
>>
>> 5) Now this is what I get :
>> login: alpha
>> otp-md5 -1 (null) ext
>> Password:
>>
>> I know my s/key password has expired so I put in my Unix password and 
>> received a nice :
>>
>> FreeBSD/i386 (local) (ttyv0)
>> login: Jan 19 22:08:25 local kernel: pid 613 (login), uid 0:exited on 
>> signal 11 (core dumped)
>>
>> 6) I thought it was some kind of security mechanism so I logged back on 
>> my root account.
>>
>> 7) Trying to disable OPIE login for alpha using the following command :
>> #opiepasswd -d alpha
>> Updating alpha:
>> Segmentation fault (core dumped)
>> local# Jan 19 22:10:06 local kernel: pid 627 (opiepasswd), uid 0: 
>> exited on signal 11 (core dumped)
>>
>> I also tried opiepasswd -c alpha to recreate OPIE keys for alpha but I 
>> received the same segmentation fault.
>>
>> a) how did OPIE work in the first place with no mention of it in 
>> /etc/pam.d/login ?
>> b) why do I get a segmentation fault ?
>>
>> Thanks
>> Dany
>>
>>
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to 
>> "freebsd-questions-unsubscribe at freebsd.org"
