README revision 29964
OPIE Software Distribution, Release 2.31: Important Information
===============================================================

Introduction
============

"One-time Passwords In Everything" (OPIE) is a freely distributable software package originally developed at and for the US Naval Research Laboratory (NRL). Recent versions are the result of a cooperative effort between NRL, several of the original NRL authors, The Inner Net, and many other contributors from the Internet community.

OPIE is an implementation of the One-Time Password (OTP) System that is being considered for the Internet standards track. The system should be secure against the passive attacks now commonplace on the Internet (see RFC 1704 for more details). It is vulnerable to active dictionary attacks, though these are not widespread at present and can be detected through proper use of system audit software.

OPIE is primarily written for UNIX-like operating systems, but we are working to make applicable portions portable to other operating systems. The OPIE software is derived in part from, and is fully interoperable with, the Bell Communications Research (Bellcore) S/Key Release 1 software. Because Bellcore claims "S/Key" as a trademark for their software, NRL was forced to use a different name (we picked "OPIE") for this software distribution.

OPIE includes the following additions/modifications to the original Bellcore S/Key(tm) Version 1 software:

* Just about a three-command installation (unpack the software, run the configure script, and run make install).
  While we still recommend that you follow the instructions and test things by hand, the more adventurous can install OPIE quickly.

* A modified BSD FTP daemon that does OTP.

* A version of su that uses OTP by default.

* MD5 support. MD5 is now the default algorithm, though MD4 is still supported by changing a parameter in the Makefile. This change was made because MD5 is widely believed to be cryptographically stronger than MD4 (see RFC 1321).

* A more portable version of MD4 has been substituted for the original MD4. This should solve the endian problems that were in S/Key.

* Most of the system dependencies have been moved to a new file, "opie_cfg.h".

* Configuration options have been moved to the Makefile.

* Isolated system dependencies (e.g. BSDisms) with appropriate #ifdefs.

* Revised the opiekey(1) program to simultaneously support MD4 and MD5, with the default algorithm being tunable using the MDX symbol in the Makefile.

* More operating systems are supported by recent versions of OPIE, but older BSD systems that aren't close to being compliant with the POSIX standard are no longer supported.

* Transition mechanisms are optional, to prevent potential back doors.

* On systems using the /etc/opieaccess transition mechanism, users can choose to require the use of OPIE to log in to their accounts when it would otherwise be optional.

* Bug fixes.

* Cosmetic changes.

* Prompts (optionally) identify specifically what kind of entry (system password, secret pass phrase, or OTP response) is allowed.
* Changes to mostly conform with the draft Internet OTP standard.

A Glance at What's New
======================

2.31 March 20, 1997.

    Removed active attack protection support due to patent problems.

    Moved user locks to a separate directory.

    Moved user-serviceable configuration options to the configure script.

    Lots of portability and bug fixes.

2.3 September 22, 1996.

    Autoconf is now the only supported configuration method.

    Lots of internal functions were re-written in ways that will make some planned future changes easier.

    OTP extended responses, such as automatic re-initialization.

    Support for a supplemental key file that stores information that was not in the original /etc/skeykeys file. This allows OPIE to store extra data needed for things like the OTP re-initialization extended response without breaking interoperability with other S/Key-derived programs. This file is named "/etc/opiekeys.ext" by default. Unlike the standard key file, it MUST NOT be world readable.

    OPIE should better support some of the native "features" of drain bamaged OSs such as AIX, HP-UX, and Solaris.

    OPIE's utmp/wtmp handling has been completely re-written. This should solve many of the utmp/wtmp problems people have been having.

    Lots of cleanups.

    Bug fixes.

2.22 May 3, 1996.

    More minor bug fixes. OPIE once again works on Solaris 2.x.

2.21 April 27, 1996.

    Minor bug fixes.
2.2 April 11, 1996.

    opiesubr.c, opiesubr2.c, and a few other functions were moved into a subdirectory and split into files with fine granularity. Ditto for the missing-function replacements. This subdirectory structure changes a lot of things around, and more splitting like this should be expected in the near future.

    Added the opiegenerator() library function, which should make it very easy to create OTP clients using the OPIE library (this function is subject to change: there are a few problems remaining to be solved). Just about re-wrote opiegetpass() to use raw I/O and got most of the OPIE programs actually using that function. Autoconf build fixes. Lots of bug fixes. Lots of portability fixes. Function declarations should be ANSI style for ANSI compilers. Several fixes to bring OPIE in line with the latest OTP spec. MJR DES key crunch de-implemented.

    Added sample programs: opiegen (client) and opieserv (server).

    Probably broke non-autoconf support along the way :(. I've tried to bring this back in sync, but it may still be broken.

2.11 December 27, 1995.

    Minor bug fixes.

2.10 December 26, 1995.

    Optional autoconf support. opieinfo is now a normal program. Bugs fixed -- should work much better on SunOS, HP-UX, and AIX.
System Requirements
===================

In order to build and run properly, OPIE requires:

    * A UNIX-like operating system
    * An ANSI C compiler and run-time library
    * POSIX.1 and X/Open XPG compliance (including termios)
    * The BSD sockets API
    * Approximately five megabytes of free disk space

In practice, we believe that many systems that are close to meeting these requirements but aren't completely there (for example, SunOS with the native compiler) will also work. Systems that aren't anywhere near close (for example, DOS) are not likely to work without major adjustments to the OPIE code.

If OPIE Doesn't Work
====================

First and foremost, make sure you have the latest version of OPIE. The latest version is available by anonymous FTP at:

    ftp://ftp.nrl.navy.mil/pub/security/opie
    and
    ftp://ftp.inner.net/pub/opie

If you have installed the OPIE software (either through "make test" in (7) above or "make install" in (14)), you can run "make uninstall" from the OPIE software distribution directory. This should remove the OPIE software and restore the original system programs, but it will not work properly (and can even result in the total loss of the old system programs -- beware!) if the installation procedure itself did not work properly.

If you are running a release version, try installing the latest public test version (look around). These frequently have already fixed the problem you are seeing, but may have new problems of their own (that's why they're test versions!).
OPIE is NOT supported software. We don't promise to support you or even to acknowledge your mail, but we are interested in bug reports and are reasonable folks. We also have an interest in seeing OPIE work on as many systems as we can. However, if your system doesn't meet the basic requirements for OPIE, this will probably require an unreasonable amount of effort.

The best bug reports include a diagnosis of the problem and a fix. Your bug report can still be valuable if you can at least diagnose what the problem is. If you just tell us "it doesn't work," then we won't be able to do anything to help you.

We've received a number of bug reports from people that look interesting, only to find when we try to follow up on them that the user either has an invalid return address or never bothered to respond to our followup. Please make sure that bug reports you send us have an electronic mail address that we can reply to somewhere in them (if necessary, just put it in the message body). If we send you a response and you are unable to invest the time to work with us to solve the problem, please tell us -- few things are more irritating than when someone sends us information about a bug that we'd like to fix and then is never heard from again.

We try to respond to all properly submitted bug reports. Improperly submitted bug reports will be responded to only if we have time left after responding to properly submitted bug reports. We deliberately ignore bug "reports" sent to mailing lists or USENET news groups instead of or before our bug report address. At the least, the latter practice is lacking in courtesy.
The file BUG-REPORT contains our bug reporting form. Please use it and follow the submission instructions in that file. We are going to switch to machine-parsed bug report processing sometime in the near future to make it easier to coordinate bug hunting.

Gotchas
=======

While an almost universal "feature", most people remain unaware that an intruder can log into a system, then log in again by running the "login" command from a shell. Because the second login is from the local host, the utmp entry will no longer show a remote login host. The OPIE replacement for /bin/login currently carries on this behavior for compatibility reasons. If you would like to prevent this from happening, you should change the permissions of /bin/login to 0100, thus preventing unprivileged users from executing it. This fix should work on non-OPIE /bin/login programs as well.

On 4.3BSDish systems, the supplied /bin/login replacement obtains the terminal type for the console from the console line in the /etc/ttys file. Several systems contain a default entry in this file that specifies the console terminal type as "unknown". This is probably not what you want.

The OPIE FTP daemon responds with two 530 error messages if you have not yet logged in and execute a command that will also do a PORT request. This is a feature, not a bug, as the FTP client is really sending the server two commands (for instance, a PORT and a LIST if you tell your BSD FTP client to do a DIR command) and the server is responding to each of them with an error.
The stock BSD FTP daemon doesn't check the PORT commands to see if you are logged in, so you would only get one error message. This change should not break any standards-compliant FTP client, but there are a number of brain-damaged GUI clients that have a track record for not dealing gracefully with any server other than the stock BSD one.

The /etc/opieaccess transition mechanism is, by definition, a security hole in the OPIE software because an attacker could use it to circumvent the requirement for OPIE authentication. You should compile the software with support for this file disabled unless you absolutely cannot use the software without it because of your environment. If you do use this support for transition purposes, you should move people to OTP authentication as quickly as possible and rebuild and reinstall OPIE with this transition support disabled so that you won't have a lurking security hole.

If this wasn't already clear, do not let your sequence number fall below about ten. If your sequence number reaches zero, your OTP sequence can only be reset by the superuser. System administrators should make this caveat known to their users.

On Solaris 2.x systems (and possibly others) running NIS+, users should run keylogin(1) manually after login because opielogin(1) does not do that automatically like the system login(1) program.

There are reports that some versions of the GNU C Compiler (GCC) (when installed on some systems) use their own termios(4) instead of the system's termios(4). This can cause problems.
If you are having compilation problems that seem to relate to termios and you are using GCC, you should probably verify that it is using the system's termios(4) and not some internal-to-GCC termios(4). One report indicates that Sun's C compiler works fine with SunOS 4.1.3/4.1.4 on SPARC, but that some version of GCC on the same system has this termios(4) problem. We haven't reproduced these problems ourselves and hence aren't sure what is happening, but we pass this along for your information. (This may have something to do with the use of GNU libc.)

If a user has a valid entry in the opiekeys database but has an asterisk in their traditional password entry, they will not be able to log in via opielogin, but opielogin will decrement their sequence number if a valid response is received.

On some systems, the OPIE login program does not always display a "login:" prompt the first time. There is a race condition in many older telnetds that is probably the cause of this problem. This should be fixed by replacing your telnetd with the latest version of the stock telnetd (ftp.cray.com:/src/telnet).

The standard HPUX compiler is severely drain bamaged. One of the worst parts is that it sometimes won't grok a symbol definition with forward slashes in it properly and can choke badly on the definition of the key file's location. If this happens to you, install and use GCC. (This problem may or may not also come up with the optional HP ANSI C compiler -- we don't know for sure which compilers have this problem.)
As of OPIE 2.2, the seed is converted to lower case and its length is checked in order to comply with the OTP specification. If any of your users have seeds that use capital letters or are too long, they need to run the OPIE 2.2 opiepasswd program to re-initialize their sequence to one with a different seed.

opielogin is a replacement for /bin/login. It is NOT an OPIE "shell." You can use it as one, but don't be surprised if it doesn't behave the way you expect -- we've seen various reports of success and failure when used this way. An OPIE "shell" is on the TODO list.

Clients that use opiegen() will automatically send a re-initialization extended response if the sequence number falls below ten. If the server does not support this, the user will need to log in using opiekey and reset his sequence manually (using opiepasswd).

For reasons that remain very unclear, Solaris passes the login name from getty/telnetd to login by stuffing it in the terminal input buffer instead of passing it on the command line like every other *IX. This is just plain broken. Solaris has other problems with its telnetd and getty; you may want to consider getting the telnet(d) sources (ftp.cray.com:/src/telnet) and reasonable getty sources (try sunsite.unc.edu:/pub/Linux/system/Serial; at least one of agetty, mingetty, and getty_ps should work) and replacing the Solaris versions with these. OPIE should work *much* more happily with these programs than the ones that come with Solaris. However, there could be negative side effects -- this is not a procedure recommended for the faint of heart.
An even more drastic solution more likely to make OPIE happy is to install Linux or NetBSD on your box ;)

OPIE is a lot more fussy than it used to be about lock files and where it puts them. The lock file directory must be a directory used only for OPIE lock files. It must be a directory, owned by the superuser, and must be mode 0700.

Gripes
======

Is it too much to ask that certain OS vendors just do the right thing and not "fix" what isn't broken? (Look at all the ifdefs in the OPIE code and the answer is clear.)

utmp and wtmp handling in OPIE has been a very, very sore subject. Every vendor does things differently, and, of course, most of them swear they are complying to some or other "standard." My (cmetz) conclusion is that the only thing that is standard about utmp and wtmp handling is that it will be nonstandard on any given system. I've tried a lot of things and I've wasted *a lot* of time on trying to make utmp and wtmp handling work for everybody; my conclusion is that it will never happen. I personally am willing to stand behind the code for utmp/wtmp handling on reasonable Linux and 4.4BSD-Lite systems. If it breaks, tell me and I will fix it. While I am still interested in hearing about fixes for other OSs, I'm not likely to go out of my way to fix utmp/wtmp handling on them. If you want it fixed, the best way to do it is to fix it yourself and give me a patch. As long as the patch is reasonable, I'll include it in the next release. If you can't wait, use the --disable-utmp option.
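Several of the gotchas above (the seed case and length rule, the sequence number counting down toward zero, re-initialization below ten) follow from the OTP computation itself. As an added illustration, not code from the OPIE distribution, here is the RFC 2289 MD5 variant that OPIE implements by default, with a toy in-memory stand-in for the server's key-file record; the `OtpServer` class, its return strings and the starting sequence number are this example's own constructions, and responses are shown in hex only (OPIE's six-word encoding is omitted).

```python
import hashlib
import re

# RFC 2289 limits that OPIE enforces: the seed is 1-16 alphanumerics and is
# folded to lower case before use; the pass phrase is 10-63 characters.
SEED_RE = re.compile(r"^[A-Za-z0-9]{1,16}$")
REINIT_THRESHOLD = 10  # the README's "do not let your sequence number fall below about ten"


def fold_md5(data: bytes) -> bytes:
    """One hash step: MD5, then fold the 16-byte digest to 8 bytes by XORing the halves."""
    h = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(h[:8], h[8:]))


def initial_key(seed: str, passphrase: str) -> bytes:
    """Step zero: fold(MD5(lower-cased seed || pass phrase)), after checking the spec limits."""
    if not SEED_RE.match(seed):
        raise ValueError("seed must be 1-16 alphanumeric characters")
    if not 10 <= len(passphrase) <= 63:
        raise ValueError("pass phrase must be 10-63 characters")
    return fold_md5((seed.lower() + passphrase).encode("ascii"))


def otp_response(seq: int, seed: str, passphrase: str) -> str:
    """The response a client such as opiekey gives to 'otp-md5 <seq> <seed>':
    the initial key hashed seq more times, as upper-case hex."""
    key = initial_key(seed, passphrase)
    for _ in range(seq):
        key = fold_md5(key)
    return key.hex().upper()


class OtpServer:
    """Constructed stand-in for one user's record in a key file such as /etc/opiekeys:
    the current sequence number and the last accepted response (never the pass phrase)."""

    def __init__(self, seed: str, passphrase: str, start_seq: int):
        self.seed = seed
        self.seq = start_seq
        # Initialization (what opiepasswd does): store response number start_seq.
        self.last = bytes.fromhex(otp_response(start_seq, seed, passphrase))

    def challenge(self) -> str:
        """The next challenge asks for the response one step below the stored one."""
        return f"otp-md5 {self.seq - 1} {self.seed}"

    def verify(self, response_hex: str) -> str:
        """Hash the offered response once; it must reproduce the stored value.
        A replayed response hashes to the value one step above the stored one,
        so it fails, and once the count reaches zero nothing can be accepted."""
        if self.seq <= 0:
            return "locked: sequence exhausted, only the superuser can reset it"
        try:
            candidate = bytes.fromhex(response_hex.replace(" ", ""))
        except ValueError:
            return "rejected"
        if len(candidate) != 8 or fold_md5(candidate) != self.last:
            return "rejected"
        self.last = candidate
        self.seq -= 1
        if self.seq < REINIT_THRESHOLD:
            return "accepted; re-initialize soon"
        return "accepted"
```

The RFC 2289 test vector (pass phrase "This is a test.", seed "TeSt") gives 9E87 6134 D904 99DD for sequence 0, which exercises the lower-casing of the seed.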
Credits
=======

First and foremost, credit goes to Phil Karn, Neil M. Haller, and John S. Walden of Bellcore for creating the S/Key Version 1 software distribution and for making its source code freely available to the public. Without their work, OPIE would not exist. Neil has also invested a good amount of his time in the development of a standard for One-Time Passwords so that packages like OPIE can interoperate.

The first NRL OPIE distribution included modifications made primarily by Dan McDonald of the U.S. Naval Research Laboratory (NRL) during March 1994. The 2nd NRL OPIE distribution, which has a number of improvements in areas such as portability of software and ease of installation, is primarily the work of Ran Atkinson and Craig Metz. Other NRL contributors include Brian Adamson, Steve Batsell, Preston Mullen, Bao Phan, Jim Ramsey, and Georg Thomas.

Some of version 2.2 was developed at NRL and released as a work in progress. Most of the release version was developed by Craig Metz (also of NRL), others at The Inner Net, and contributors from the Internet community. Versions beyond 2.2 were developed outside NRL, so don't blame them if they don't work (but please credit them when it does; without the NRL effort, there wouldn't be an OPIE).

We would like to also thank everyone who helped us by beta testing, reporting bugs, suggesting improvements, and/or sending us patches. We appreciate your contributions -- they have helped to make OPIE more of a community effort.
These contributors include:

    Mowgli Assor
    Lawrie Brown
    Andrew Davis
    Axel Grewe
    "Hobbit"
    Kojima Hajime
    Darren Hosking
    Martijn Koster
    Osamu Kurati
    Ayamura Kikuchi
    Hiroshi Nakano
    Ikuo Nakagawa
    Angelo Neri
    C. R. Oldham
    D. Jason Penney
    John Perkins
    Jim Simmons
    Brad Smith
    Werner Wiethege
    Wietse Venema

OPIE development at NRL was sponsored by the Information Security Program Office (PD 71E), U.S. Space and Naval Warfare Systems Command, Crystal City, Virginia.

If you have problems with OPIE, please follow the instructions under "If OPIE Doesn't Work." Under NO circumstances should you send trouble reports directly to the authors or contributors.

Trademarks
==========

S/Key is a trademark of Bell Communications Research (Bellcore).
UNIX is a trademark of X/Open.
NRL is a trademark of the U. S. Naval Research Laboratory.

All other trademarks are trademarks of their respective owners.

The term "OPIE" is in the public domain and hence cannot be legally trademarked by anyone.

Copyrights
==========

%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>.
Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software.

Portions of this software are copyright 1980-1990 Regents of the University of California, all rights reserved. The Berkeley Software License Agreement specifies the terms and conditions for redistribution.

Portions of this software are copyright 1990 Bell Communications Research (Bellcore), all rights reserved.