"Andrey A. Chernov" <[EMAIL PROTECTED]> writes:
> 1) When OPIE turned on in the system, not neccessary all users are 
> OPIE-ed, only those who listed in /etc/opiekeys. It means that 
> pam_opieaccess() module must do something only for valid OPIE users 
> listed in /etc/opiekeys and do nothing for others. I use opiechallenge() 
> check for it, and if it fails, return PAM_IGNORE.

Umm, you can't use opiechallenge() for that.  You're not supposed to
call opiechallenge() without also calling opieverify() (plus, I think
opiechallenge() "consumes" a challenge).  Use opielookup() instead.

> 2) opiealways() return just opposite to what you might expect, see 
> /usr/src/contrib/opie/libopie/accessfile.c comment about it. Fixed by 
> removing "!"

Right, thanks.

Dag-Erling Smorgrav - [EMAIL PROTECTED]

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to