On Tue, 29 May 2001, R P Herrold wrote:
>
> Opie is a formal RFC track item, and that means two separate
> interpoerating implementations exist. The library change in
> Debian seems to be more due to the deliberate release pace of
> that distribution's releases.
>
.. snip ..
>
> Before SSH, some root authentication schemes required a second
> 'list' challenge, for admin access. As I recall there is a
> further variant where the order of the list is reversed for
> use by the operator, and a full list of the sequence expected
> is maintained at the unit to be secured, and used in reverse
> order, for greater randomnness.
>
Russ, thanks for the info. i ended up using opie-2.32 from:
http://munitions.vipul.net/050102.shtml
version 2.3's compile is really rocky -- i gave up after fighting like 5
errors. 2.32 was no problem at all (once i found it). i'd rather stay away
from .debs from the unstable branch, esp when they depend on still more
unstable .debs...
the pam module seems to work for login and su, but nothing yet for sshd.
unless you stop it, opie installs new versions of su and login that aren't
pam aware. it keeps the old versions and (yes, i checked :) they have the
same md5 hash as they did before the install. replacing the old login and
su, then adding a line for pam_opie.so for su and login and it works
great.
> -- Russ
>
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:56:42 EDT