[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Source Code One Line Change [patch] and Copyright holder




This is the default and proposed installation in the README file. Many
many people claim until now (I have received plenty of email's!!!) that
they use this installation and could never imagine that there was
such a bug for more than a year now. Another guy reported that he has
installed pam_yubico module to more than 130 CentOS server's and you could
easily imagine what the consequences will be if someone has discovered the
bug and solely used it for his own profit.

Cheers,
Chris.

> ]] "Nanakos V. Chrysostomos" 
>

> | Authentication succeeded when no password 
> | was
given, unless use_first_pass was being used. 
> | This is fatal if
pam_yubico is considered 'sufficient' in the PAM 
> |
configuration. 
> 
> It also requires you to use the
client mode (which is the default) and not 
> the challenge 
> response mode, which explains why I couldn't reproduce your issue.

> 
> -- 
> Tollef Fog Heen 
> UNIX is
user friendly, it's just picky about who its friends are 
> 
> 
> -- 
> To UNSUBSCRIBE, email to
debian-devel-REQUEST@lists.debian.org 
> with a subject of
"unsubscribe". Trouble? Contact 
>
listmaster@lists.debian.org 
> Archive: 
>
87r548qnp0.fsf@qurzaw.varnish-software.com">http://lists.debian.org/87r548qnp0.fsf@qurzaw.varnish-software.com 
> 


This is the default and proposed installation in the README file. Many
many people claim until now (I have received plenty of email's!!!) that
they use this installation and could never imagine that there was
such a bug for more than a year now. Another guy reported that he has
installed pam_yubico module to more than 130 CentOS server's and you could
easily imagine what the consequences will be if someone has discovered the
bug and solely used it for his own profit.

Cheers,
Chris.

> ]] "Nanakos V. Chrysostomos" 
>

> | Authentication succeeded when no password 
> | was
given, unless use_first_pass was being used. 
> | This is fatal if
pam_yubico is considered 'sufficient' in the PAM 
> |
configuration. 
> 
> It also requires you to use the
client mode (which is the default) and not 
> the challenge 
> response mode, which explains why I couldn't reproduce your issue.

> 
> -- 
> Tollef Fog Heen 
> UNIX is
user friendly, it's just picky about who its friends are 
> 
> 
> -- 
> To UNSUBSCRIBE, email to
debian-devel-REQUEST@lists.debian.org 
> with a subject of
"unsubscribe". Trouble? Contact 
>
listmaster@lists.debian.org 
> Archive: 
>
87r548qnp0.fsf@qurzaw.varnish-software.com">http://lists.debian.org/87r548qnp0.fsf@qurzaw.varnish-software.com 
> 

This is the default and proposed installation in the README file. Many many people claim until now (I have received plenty of email's!!!) that they use this installation and could never imagine that there was such a bug for more than a year now. Another guy reported that he has installed pam_yubico module to more than 130 CentOS server's and you could easily imagine what the consequences will be if someone has discovered the bug and solely used it for his own profit.

Cheers,
Chris.

> ]] "Nanakos V. Chrysostomos"
>
> | Authentication succeeded when no password
> | was given, unless use_first_pass was being used.
> | This is fatal if pam_yubico is considered 'sufficient' in the PAM
> | configuration.
>
> It also requires you to use the client mode (which is the default) and not
> the challenge
> response mode, which explains why I couldn't reproduce your issue.
>
> --
> Tollef Fog Heen
> UNIX is user friendly, it's just picky about who its friends are
>
>
> --
> To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> Archive:
> http://lists.debian.org/87r548qnp0.fsf@qurzaw.varnish-software.com
>

Reply to: