sudo-1.6.3p5 on FreeBSD- and s/key
skafte+sudo-users at trollkarl.net
Sat Dec 2 07:14:07 EST 2000
I've been using sudo for a couple of years now (Kudos to the team) and
I'm just now getting creative with S/Key access from untrusted terminals.
Sudo is compiled with Skey and if I type in an skey passwd life's good,
but if I type in the "crypt" passwd it still authenticates.
I haven't figured out the right voodoo for my skey.access file... which
seems to work with all my other s/keyed utilities.
I snooped around in auth/rfc1938.c and auth/sudo_auth.c and noticed that
there are no calls to skeyaccess(3), which from my understanding is the
lib call that you assert if your uid/gid+port+host is allowed to use
an OTP (One Time Passwd) or the Unix passwd.
Since I haven't found this in the FAQ and I'm new to the list, I'm not
sure if this is my lack of clue, or a bug or an oversight in design.
Any other S/Key users forcing OTP from non-local terminals?
I've tried this on FreeBSD RELENG_ and CURRENT.
When things can't get any worse, they simplify themselves by getting a
whole lot worse then complicated. A complete and utter disaster is the
simplest thing in the world; it's preventing one that's complex.