
Re: Integrating ftpd and pam_opie; not getting challenge?


> Protocols like ftp are a little too strict in the form of the auth stuff
> to do opie, if you ask me. Now, perhaps, for command line opie ftp use,
> you could hack the server to output one of those lines that they use for
> big long messages (230, right?) and stuff the opie key in there... and do
> some weird stuff like have the authentication "fail" the first time
> through.. blah blah blah.. but all of this is a giant hack on the ftp
> protocol, so of course pam isn't going to accomplish this sort of hack all
> on its own.

I run OpenBSD (2.2 in this case) on a couple of old sparcs (as nameservers) and was playing with opie on one of them.  "vern" is the OpenBSD box, if that's not clear from the listing. 

Ftp greets me with:

[apotter@vinz apotter]$ ftp vern
Connected to vern.bogon.nul.
220 vern.bogon.nul FTP server (Version 6.3/OpenBSD) ready.
Name (vern:apotter):
331 Password [ otp-md5 97 vern42289 ] for apotter required.

Note that in this configuration, ftp will accept either my regular unix password, or the OTP.

I know that this isn't strictly PAM related, but it does seem to be an example of a route to success.

| Al Potter                          Senior Network Security Analyst |
| apotter at-yay icsa ot-day net                           ICSA Labs |
|                        International Computer Security Association |
|                                                                    |
| If the spambots learn piglatin........                             |
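
The 331 reply in the message above carries a challenge of the form "otp-md5 <sequence> <seed>". As an added example (not part of the original message and not OpenBSD's ftpd code), the following Python parses that reply and computes the hex response a client would send as the password. It assumes the server follows RFC 2289 for otp-md5; the function names and the pass phrase are made up for illustration.

```python
import hashlib
import re

# Reply line copied from the session in the message above.
SAMPLE_REPLY = "331 Password [ otp-md5 97 vern42289 ] for apotter required."

# RFC 2289 challenge: "otp-<alg> <sequence> <seed>", seed = 1..16 alphanumerics.
CHALLENGE_RE = re.compile(
    r"otp-(?P<alg>[a-z0-9]+)\s+(?P<seq>\d+)\s+"
    r"(?P<seed>[A-Za-z0-9]{1,16})(?![A-Za-z0-9])"
)


def parse_331(line):
    """Return (alg, seq, seed) from a 331 reply, or None if no OTP challenge."""
    if not line.startswith("331"):
        return None
    m = CHALLENGE_RE.search(line)
    if m is None:
        return None
    # RFC 2289 treats the seed as case-insensitive and hashes it in lower case.
    return m.group("alg"), int(m.group("seq")), m.group("seed").lower()


def fold_md5(data):
    """MD5, then fold the 128-bit digest to 64 bits by XORing the two halves."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))


def otp_md5(passphrase, seed, seq):
    """Hash seed+passphrase once, then apply the folded hash seq more times."""
    value = fold_md5(seed.lower().encode() + passphrase.encode())
    for _ in range(seq):
        value = fold_md5(value)
    return value.hex().upper()


def respond(line, passphrase):
    """Build the hex one-time password answering the challenge in a 331 reply."""
    challenge = parse_331(line)
    if challenge is None:
        raise ValueError("reply carries no OTP challenge")
    alg, seq, seed = challenge
    if alg != "md5":
        raise ValueError("unsupported OTP algorithm: " + alg)
    return otp_md5(passphrase, seed, seq)


if __name__ == "__main__":
    print(parse_331(SAMPLE_REPLY))
    print(respond(SAMPLE_REPLY, "constructed pass phrase"))  # constructed secret
```

A reply without the bracketed challenge (plain password prompt) makes parse_331 return None, which is how a client can tell whether the server offered OTP at all.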
