Bug 30250

Summary: [PATCH] pam_opie makes authorization fail, despite correct OTP
Product: Base System Reporter: Gunnar Kreitz <gunnark>
Component: miscAssignee: Mark Murray <markm>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 5.0-CURRENT   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
pam_opie.diff none

Description Gunnar Kreitz 2001-09-01 15:00:00 UTC 
pam_opie makes authentication fail, despite correct OTP. When debug option is
added in /etc/pam.conf it logs returning PAM_SUCCESS from pam_sm_authenticate
but behaves as if PAM_AUTH_ERR was returned. I belive this comes from the
fact that the argument to the macro PAM_RETURN is evaulated twice and the
check fails the second time around because, as the comment it above states:
"[...] because opieverify mucks with it [its arguments]".

Fix: Apply this diff. It also makes the calls to pam_std_option in ..._authenticate
and ..._setcred symmetric, which I belive they should be. That part of the
patch is not relevant to the problem but should probably be included in the
cvs tree anyway.
How-To-Repeat: Enable pam_opie.so for authentication in /etc/pam.conf. Type in correct
OTP. 8)
Comment 1 Peter Pentchev freebsd_committer freebsd_triage 2001-09-01 15:19:59 UTC 
Responsible Changed
From-To: freebsd-bugs->markm

Mark does PAM..
Comment 2 Mark Murray freebsd_committer freebsd_triage 2001-09-04 18:06:13 UTC 
State Changed
From-To: open->closed

Committed, thanks!