
Problem Report bin/44518

ftpd(8) does not show OPIE OTP challenge

Confidential: no
Severity: serious
Priority: medium
Responsible: yar@FreeBSD.org
State: suspended
Class: sw-bug
Submitter-Id: current-users
Arrival-Date: Sun Oct 27 02:50:01 PST 2002
Last-Modified: Wed May 21 21:56:41 UTC 2008
Originator: Hideki Sakamoto <sakamoto@hlla.is.tsukuba.ac.jp>
Release: FreeBSD 4.7-RELEASE-p1
Environment
FreeBSD xxxxx 4.7-RELEASE-p1 FreeBSD 4.7-RELEASE-p1 #1:
Fri Oct 25 16:54:58 JST 2002     sakamoto@xxxxx:/usr/obj
/usr/src/sys/XXXXX  i386
Description
ftpd can authenticate a user with the OPIE PAM module (pam_opie) when it is enabled in /etc/pam.conf, but the client program cannot calculate the OTP because ftpd doesn't show the challenge to the client in the session.
How-To-Repeat
1. Set a user's password for the OPIE authentication system.
   % opiepasswd -c 
2. Try FTP with telnet.
 * % telnet localhost ftp
   Trying ::1...
   telnet: connect to address ::1: Connection refused
   Trying 127.0.0.1...
   Connected to localhost.
   Escape character is '^]'.
   220 xxxxxx.hlla.is.tsukuba.ac.jp FTP server (Version 6.00LS) ready.
 * user sakamoto
   331 Password required for sakamoto.
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ftpd should have shown the OTP challenge at this point. Nevertheless, authentication will succeed if the user knows the correct OTP and sends it with the "pass" command.

S/Key authentication (pam_skey) has the same problem, but that is OK because ftpd
has a native S/Key authentication mechanism and it shows the challenge at the end of the "user" command handler.
Fix
      I have no good idea. A dirty solution is to show the OPIE challenge at the end of the "user" command handler, like S/Key.
Audit-Trail
Responsible-Changed-From-To: freebsd-bugs->yar 
Responsible-Changed-By: kris 
Responsible-Changed-When: Sat Jul 12 18:23:30 PDT 2003 
Responsible-Changed-Why:  
Assign to ftpd maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=44518 
State-Changed-From-To: open->suspended 
State-Changed-By: yar 
State-Changed-When: Tue Mar 2 10:08:35 PST 2004 
State-Changed-Why:  
The current implementation of pam_opie(8) piggybacks the challenge 
onto the "Password:" prompt, which makes using pam_opie(8) with ftpd(8) 
really problematic.  The PAM author has no plans to change that. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=44518 
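
An added example, not code from ftpd(8), pam_opie(8) or this PR: since the challenge reaches the application only as part of the prompt text, a server that wants it in its 331 reply has to fish it out of that string. Assumptions: the function names are hypothetical, the prompt layout and the wording of the challenge-bearing 331 reply are constructed, and only the RFC 2289 challenge syntax ("otp-<alg> <sequence> <seed>") is taken as given.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Copy an RFC 2289 challenge ("otp-<alg> <sequence> <seed>") found in a PAM
 * prompt into out. Returns 1 if one was found, 0 otherwise. */
int extract_otp_challenge(const char *prompt, char *out, size_t outlen)
{
    const char *p = prompt;

    for (; (p = strstr(p, "otp-")) != NULL; p += 4) {
        const char *alg = p + 4, *q = alg, *seq, *seed;

        while (isalnum((unsigned char)*q)) q++;   /* algorithm id */
        if (q == alg || *q != ' ') continue;
        seq = ++q;
        while (isdigit((unsigned char)*q)) q++;   /* sequence number */
        if (q == seq || *q != ' ') continue;
        seed = ++q;
        while (isalnum((unsigned char)*q)) q++;   /* seed: 1 to 16 alphanumerics */
        if (q == seed || q - seed > 16) continue;
        if ((size_t)(q - p) >= outlen) return 0;  /* caller's buffer too small */
        memcpy(out, p, (size_t)(q - p));
        out[q - p] = '\0';
        return 1;
    }
    return 0;
}

/* Build the reply to USER: carry the challenge when the prompt had one,
 * otherwise fall back to the plain reply seen in the session above. */
int format_user_reply(const char *prompt, const char *user, char *buf, size_t len)
{
    char ch[64];

    if (extract_otp_challenge(prompt, ch, sizeof(ch)))
        return snprintf(buf, len, "331 Response to %s required for %s.", ch, user);
    return snprintf(buf, len, "331 Password required for %s.", user);
}

int main(void)
{
    char buf[128];

    /* Constructed prompt: challenge piggybacked onto "Password:". */
    format_user_reply("otp-md5 498 te1234 ext\nPassword: ", "sakamoto", buf, sizeof(buf));
    puts(buf);
    format_user_reply("Password: ", "sakamoto", buf, sizeof(buf));
    puts(buf);
    return 0;
}
```

Parsing the prompt does not by itself solve the ordering problem in the PR: the 331 reply is sent when USER arrives, so the prompt text would have to be obtained before the client sends PASS.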