sudo-1.6.3p5 on FreeBSD-[345] and s/key

Greg Skafte skafte+sudo-users at
Sat Dec 2 07:14:07 EST 2000

I've been using sudo for a couple of years now (Kudos to the team) and
I'm just now getting creative with S/Key access from untrusted terminals.

Sudo is compiled with Skey and if I type in an skey passwd life's good,
but if I type in the "crypt" passwd it still authenticates.  

I haven't figured out the right voodoo for my skey.access file... which
seems to work with all my other s/keyed utilities.  

I snooped around in auth/rfc1938.c and auth/sudo_auth.c and noticed that
there are no calls to skeyaccess(3), which from my understanding is the
lib call that you assert if your uid/gid+port+host is allowed to use
an OTP (One Time Passwd) or the Unix passwd.

Since I haven't found this in the FAQ and I'm new to the list, I'm not
sure if this is my lack of clue, or a bug or an oversight in design.

Any other S/Key users forcing OTP from non-local terminals?

I've tried this on FreeBSD RELENG_[34] and CURRENT.


--								      --
When things can't get any worse, they simplify themselves by getting a
whole lot worse then complicated. A complete and utter disaster is the 
simplest thing in the world; it's preventing one that's complex. 
(Janet Morris)
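
The gate the post says is missing, as an added example that is not part of the original message and is not sudo's or libskey's code: a simplified C model in which a valid Unix password is refused unless an skeyaccess(3)-style check permits it. The rule table, the terminal and host names, and every function name are constructed for illustration.

```c
/* Simplified model (not sudo's or libskey's code) of gating the Unix
 * password on an skeyaccess(3)-style check. All names are hypothetical. */
#include <stddef.h>
#include <string.h>

enum method { M_OTP, M_UNIX };           /* which secret the user typed */

struct rule {                            /* one constructed access rule */
    int permit;                          /* 1 = permit Unix passwd, 0 = deny */
    const char *user, *port, *host;      /* NULL matches anything */
};

/* Constructed sample table: Unix passwords only on the local console. */
static const struct rule table[] = {
    { 1, NULL, "ttyv0", NULL },          /* permit on the console */
    { 0, NULL, NULL,    NULL },          /* deny everywhere else */
};

static int field_ok(const char *want, const char *got)
{
    return want == NULL || (got != NULL && strcmp(want, got) == 0);
}

/* Stand-in for the access check: first matching rule decides, and in
 * this model no match means the Unix password is refused. */
static int unix_passwd_allowed(const char *user, const char *port,
                               const char *host)
{
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        const struct rule *r = &table[i];
        if (field_ok(r->user, user) && field_ok(r->port, port) &&
            field_ok(r->host, host))
            return r->permit;
    }
    return 0;
}

/* Behaviour reported in the post: either valid secret authenticates. */
int auth_ungated(enum method m, int secret_valid) { (void)m; return secret_valid; }

/* Gated variant: the Unix password only counts where the check permits. */
int auth_gated(enum method m, int secret_valid,
               const char *user, const char *port, const char *host)
{
    if (m == M_UNIX && !unix_passwd_allowed(user, port, host))
        return 0;
    return secret_valid;
}
```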

