README revision 59118
OPIE Software Distribution, Release 2.32                  Important Information
========================================                  =====================

Introduction
============

	"One-time Passwords In Everything" (OPIE) is a freely distributable
software package originally developed at and for the US Naval Research
Laboratory (NRL). Recent versions are the result of a cooperative effort
between NRL, several of the original NRL authors, The Inner Net, and many
other contributors from the Internet community.

	OPIE is an implementation of the One-Time Password (OTP) System that
is being considered for the Internet standards-track (published shortly
afterwards as RFC 2289). Because each password is valid for exactly one
login, the system should be secure against the passive attacks now
commonplace on the Internet, i.e. password sniffing and replay (see RFC 1704
for more details). The system is vulnerable to active dictionary attacks,
though these are not widespread at present and can be detected through
proper use of system audit software.

	OPIE is primarily written for UNIX-like operating systems, but
we are working to make applicable portions portable to other operating systems.
The OPIE software is derived in part from and is fully interoperable with the
Bell Communications Research (Bellcore) S/Key Release 1 software. Because
Bellcore claims "S/Key" as a trademark for their software, NRL was forced to
use a different name (we picked "OPIE") for this software distribution.

	OPIE includes the following additions/modifications to the
original Bellcore S/Key(tm) Version 1 software:

* Roughly a three-command installation (unpack the software, run the
  configure script, and run make install). While we still recommend that you
  follow the instructions and test things by hand, the more adventurous can
  install OPIE quickly.

* A modified BSD FTP daemon that does OTP.

* A version of su that uses OTP by default.

* MD5 support. MD5 is now the default algorithm, though MD4 is still supported
  by changing a parameter in the Makefile. This change was made because MD5 is
  widely believed to be cryptographically stronger than MD4 (see RFC 1321).
  (Both MD4 and MD5 have since been shown to be cryptographically weak; the
  final OTP standard, RFC 2289, also specifies SHA1 as a hash choice.)

* A more portable version of MD4 has been substituted for the original MD4.
  This should solve the endian problems that were in S/Key.

* Most of the system dependencies have been moved to a new file "opie_cfg.h".

* Configuration options have been moved to the Makefile (and, as of 2.31,
  the user-serviceable ones to the configure script; see below).

* Isolated system dependencies (e.g. BSDisms) with appropriate #ifdefs.

* Revised the opiekey(1) program to simultaneously support MD4 and MD5, with
  the default algorithm being tunable using the MDX symbol in the Makefile.

* More operating systems are supported by recent versions of OPIE, but older
  BSD systems that aren't close to being compliant with the POSIX standard are
  no longer supported.

* Transition mechanisms are optional, so that a site need not leave a
  potential back door in place.

* On systems using the /etc/opieaccess transition mechanism, users can choose
  to require the use of OPIE to log in to their accounts when it would
  otherwise be optional.

* Bug fixes

* Cosmetic changes

* Prompts (optionally) identify specifically what kind of entry (system
  password, secret pass phrase, or OTP response) is allowed.

* Changes to mostly conform with the draft Internet OTP standard.

A Glance at What's New
======================

	2.32 January 1, 1998.

	Indicate support for extended responses in challenges and check for
	such indication before generating any extended responses.

	Lots of portability and bug fixes.

	2.31 March 20, 1997.

	Removed active attack protection support due to patent problems.

	Moved user locks to a separate directory.

	Moved user-serviceable configuration options to the configure script.

	Lots of portability and bug fixes.

	2.3 September 22, 1996

	Autoconf is now the only supported configuration method.

	Lots of internal functions got re-written in ways that will make some
planned future changes easier.

	OTP extended responses, such as automatic re-initialization.

	Support for a supplemental key file that stores information that was
not in the original /etc/skeykeys file. This allows OPIE to store extra data
needed for things like the OTP re-initialization extended response without
breaking interoperability with other S/Key derived programs. This file is
named "/etc/opiekeys.ext" by default. Unlike the standard key file, it MUST
NOT be world readable.

	OPIE should better support some of the native "features" of drain
bamaged OSs such as AIX, HP-UX, and Solaris.

	OPIE's utmp/wtmp handling has been completely re-written. This should
solve many of the utmp/wtmp problems people have been having.

	Lots of cleanups.

	Bug fixes.

	2.22 May 3, 1996.

	More minor bug fixes. OPIE once again works on Solaris 2.x.

	2.21 April 27, 1996.

	Minor bug fixes.

	2.2 April 11, 1996.

	opiesubr.c, opiesubr2.c, and a few other files were moved into
a subdirectory and split into files with fine granularity. Ditto with the
missing-function replacements. This subdirectory structure changes a lot
of things around, and more splitting like this should be expected in the
near future.

	Added an opiegenerator() library function that should make it very easy
to create OTP clients using the OPIE library (this function is subject to
change: there are a few problems remaining to be solved). Just about re-wrote
opiegetpass() to use raw I/O and got most of the OPIE programs actually using
that function. Autoconf build fixes. Lots of bug fixes. Lots of portability
fixes. Function declarations should be ANSI style for ANSI compilers. Several
fixes to bring OPIE in line with the latest OTP spec. MJR DES key crunch
de-implemented.

	Added sample programs: opiegen (client) and opieserv (server).

	Probably broke non-autoconf support along the way :(. I've tried to
bring this back in sync, but it may still be broken.

	2.11 December 27, 1995.

	Minor bug fixes.

	2.10 December 26, 1995.

	Optional autoconf support. opieinfo is now a normal program.
Bugs fixed -- should work much better on SunOS, HP-UX, and AIX.

System Requirements
===================

	In order to build and run properly, OPIE requires:

	* A UNIX-like operating system
	* An ANSI C compiler and run-time library
	* POSIX.1- and X/Open XPG-compliance (including termios)
	* The BSD sockets API
	* Approximately five megabytes of free disk space

	In practice, we believe that many systems that are close to meeting
these requirements but aren't completely there (for example, SunOS with the
native compiler) will also work. Systems that aren't anywhere near close
(for example, DOS) are not likely to work without major adjustments to the
OPIE code.

If OPIE Doesn't Work
====================

	First and foremost, make sure you have the latest version of OPIE. The
latest version is available by anonymous FTP at:

	ftp://ftp.nrl.navy.mil/pub/security/opie
		and
	ftp://ftp.inner.net/pub/opie

	If you have installed the OPIE software (either through "make test"
in step (7) or "make install" in step (14) of the installation instructions),
you can run "make uninstall" from the OPIE software distribution directory.
This should remove the OPIE software and restore the original system programs,
but it will not work properly (and can even result in the total loss of the
old system programs -- beware!) if the installation procedure itself did not
work properly.

	If you are running a release version, try installing the latest public
test version (look around). These frequently have already fixed the problem
you are seeing, but may have new problems of their own (that's why they're
test versions!).

	OPIE is NOT supported software. We don't promise to support you or
even to acknowledge your mail, but we are interested in bug reports and are
reasonable folks. We also have an interest in seeing OPIE work on as many
systems as we can. However, if your system doesn't meet the basic requirements
for OPIE, this will probably require an unreasonable amount of effort.

	The best bug reports include a diagnosis of the problem and a fix.
Your bug report can still be valuable if you can at least diagnose what the
problem is. If you just tell us "it doesn't work," then we won't be able to
do anything to help you.

	We've received a number of bug reports from people that look
interesting, only to find when we try to follow up on them that the user
either has an invalid return address or never bothered to respond to our
followup. Please make sure that bug reports you send us have an electronic
mail address that we can reply to somewhere in them (if necessary, just
put it in the message body). If we send you a response and you are unable
to invest the time to work with us to solve the problem, please tell us --
few things are more irritating than when someone sends us information
about a bug that we'd like to fix and then is never heard from again.

	We try to respond to all properly submitted bug reports. Improperly
submitted bug reports will be responded to only if we have time left after
responding to properly submitted bug reports. We deliberately ignore bug
"reports" sent to mailing lists or USENET news groups instead of or before
our bug report address. At the least, the latter practice is lacking in
courtesy.

	The file BUG-REPORT contains our bug reporting form. Please use it
and follow the submission instructions in that file. We are going to switch
to machine-parsed bug report processing sometime in the near future to make
it easier to coordinate bug hunting.

Gotchas
=======

	Solaris 2.x is just a lose. It does a lot of nonstandard and downright
broken things. If you want OPIE to be reliable on your box, upgrade to NetBSD
or Linux.

	While an almost universal "feature", most people remain unaware that
an intruder can log into a system, then log in again by running the "login"
command from a shell. Because the second login is from the local host, the
utmp entry will no longer show a remote login host, so the audit trail loses
where the session actually came from. The OPIE replacement for /bin/login
currently carries on this behavior for compatibility reasons. If you would
like to prevent this from happening, you should change the permissions of
/bin/login to 0100 (execute permission for the owner, root, and nothing
else), thus preventing unprivileged users from executing it. This fix should
work on non-OPIE /bin/login programs as well.

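The trace such a re-login leaves can still be caught after the fact: the
session's record sits on a pseudo-terminal, which only network logins (and
local terminal emulators) use, yet names no remote host. The script below is
an added example rather than anything shipped with OPIE. It parses utmp/wtmp
records and reports exactly those entries. It assumes the struct utmp layout
glibc uses on x86-64 Linux (384-byte records); as the Gripes section says,
every system lays utmp out differently, so UTMP_FMT has to be adjusted for
other platforms. The three records it scans are constructed inline.

```python
"""Flag login sessions on a pseudo-terminal whose utmp/wtmp record has no
remote host, the trace left by running "login" again from a shell.

Added example, not OPIE code. The record layout is the glibc struct utmp
on x86-64 Linux (384 bytes); other systems differ, so adjust UTMP_FMT for
yours (see utmp(5)). The sample records are constructed.
"""
import struct

# struct utmp: ut_type, pad, ut_pid, ut_line[32], ut_id[4], ut_user[32],
# ut_host[256], ut_exit{e_termination,e_exit}, ut_session, ut_tv{sec,usec},
# ut_addr_v6[4], __unused[20]
UTMP_FMT = "<h2xi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)   # 384
USER_PROCESS = 7                        # ut_type of a logged-in session


def pack_record(ut_type, pid, line, user, host, tv_sec):
    """Build one utmp record (used only to construct sample input)."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"",
                       user.encode(), host.encode(), 0, 0, 0, tv_sec, 0,
                       0, 0, 0, 0)


def _cstr(field):
    return field.split(b"\0", 1)[0].decode(errors="replace")


def parse_utmp(blob):
    """Yield one dict per fixed-size record in a utmp/wtmp byte string."""
    for off in range(0, len(blob) - UTMP_SIZE + 1, UTMP_SIZE):
        f = struct.unpack_from(UTMP_FMT, blob, off)
        yield {"type": f[0], "pid": f[1], "line": _cstr(f[2]),
               "user": _cstr(f[4]), "host": _cstr(f[5]), "time": f[9]}


def is_pseudo_tty(line):
    """Network sessions arrive on pseudo-terminals: Linux pts/N, BSD-style
    ttyp0...  Physical consoles (tty1, console, ttyS0) have no host and
    are legitimately host-less."""
    return line.startswith("pts/") or line[:4] in ("ttyp", "ttyq", "ttyr")


def suspicious_logins(records):
    """Sessions on a pseudo-terminal that claim no remote host: a local
    re-login (the gotcha above), a local terminal emulator, or a record
    that has been tampered with."""
    return [r for r in records
            if r["type"] == USER_PROCESS and not r["host"]
            and is_pseudo_tty(r["line"])]


# Constructed sample wtmp: a remote login, a console login, then the same
# user running "login" again on the same pseudo-terminal.
SAMPLE_WTMP = b"".join([
    pack_record(USER_PROCESS, 4101, "pts/0", "alice", "203.0.113.7", 1000),
    pack_record(USER_PROCESS, 4120, "tty1", "root", "", 1010),
    pack_record(USER_PROCESS, 4188, "pts/0", "alice", "", 1300),
])


def report(blob=SAMPLE_WTMP):
    """Return (user, line, time) for each flagged record."""
    return [(r["user"], r["line"], r["time"])
            for r in suspicious_logins(parse_utmp(blob))]


if __name__ == "__main__":
    for user, line, when in report():
        print("no remote host for %s on %s at %d" % (user, line, when))
```

Point it at a real file with `report(open("/var/log/wtmp", "rb").read())`.
Treat hits as leads rather than verdicts: an xterm started on the console
also gets a host-less pty record, so correlate flagged entries with the
earlier record on the same line (here, alice's pts/0 session from
203.0.113.7) before drawing conclusions.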
	On 4.3BSDish systems, the supplied /bin/login replacement obtains
the terminal type for the console from the console line in the /etc/ttys
file. Several systems contain a default entry in this file that specifies the
console terminal type as "unknown". This is probably not what you want.

	The OPIE FTP daemon responds with two 530 error messages if you have
not yet logged in and execute a command that will also do a PORT request. This
is a feature, not a bug, as the FTP client is really sending the server two
commands (for instance, a PORT and a LIST if you tell your BSD FTP client to do
a DIR command) and the server is responding to each of them with an error. The
stock BSD FTP daemon doesn't check the PORT commands to see if you are logged
in, so you would only get one error message. This change should not break any
standards-compliant FTP client, but there are a number of brain-damaged GUI
clients that have a track record for not dealing gracefully with any server
other than the stock BSD one.

	The /etc/opieaccess transition mechanism is, by definition, a security
hole in the OPIE software because an attacker could use it to circumvent the
requirement for OPIE authentication. You should compile the software with
support for this file disabled unless you absolutely cannot use the software
without it because of your environment. If you do use this support for
transition purposes, you should move people to OTP authentication as quickly
as possible and then rebuild and reinstall OPIE with this transition support
disabled so that you won't have a lurking security hole.

	If this wasn't already clear, do not let your sequence number fall
below about ten. If your sequence number reaches zero, your OTP sequence
can only be reset by the superuser. System administrators should make this
caveat known to their users.

	On Solaris 2.x systems (and possibly others) running NIS+, users
should run keylogin(1) manually after login because opielogin(1) does not
do that automatically like the system login(1) program.

	There are reports that some versions of the GNU C Compiler (GCC)
(when installed on some systems) use their own termios(4) instead of
the system's termios(4). This can cause problems. If you are having
compilation problems that seem to relate to termios and you are using
GCC, you should probably verify that it is using the system's
termios(4) and not some internal-to-GCC termios(4). One report
indicates that Sun's C compiler works fine with SunOS 4.1.3/4.1.4 on
SPARC, but that some version of GCC on the same system has this
termios(4) problem. We haven't reproduced these problems ourselves
and hence aren't sure what is happening, but we pass this along for
your information. (This may have something to do with the use of GNU
libc.)

	If a user has a valid entry in the opiekeys database but has an
asterisk in their traditional password entry, they will not be able to
log in via opielogin, but opielogin will still decrement their sequence
number if a valid response is received. The account stays locked, but each
such attempt consumes one of the user's one-time passwords.

	On some systems, the OPIE login program does not always display
a "login:" prompt the first time. There is a race condition in many older
telnetds that is probably the cause of this problem. This should be fixed by
replacing your telnetd with the latest version of the stock telnetd
(ftp.cray.com:/src/telnet).

	The standard HP-UX compiler is severely drain bamaged. One of the
worst parts is that it sometimes won't grok a symbol definition with forward
slashes in it properly and can choke badly on the definition of the key
file's location. If this happens to you, install and use GCC. (This problem
may or may not also come up with the optional HP ANSI C compiler -- we don't
know for sure which compilers have this problem.)

	As of OPIE 2.2, the seed is converted to lower case and its length is
checked in order to comply with the OTP specification. If any of your users
have seeds that use capital letters or are too long, they need to run the OPIE
2.2 opiepasswd program to re-initialize their sequence to one with a different
seed.

	opielogin is a replacement for /bin/login. It is NOT an OPIE "shell."
You can use it as one, but don't be surprised if it doesn't behave the way
you expect -- we've seen various reports of success and failure when used this
way. An OPIE "shell" is on the TODO list.

	Clients that use opiegen() will automatically send a re-initialization
extended response if the sequence number falls below ten. If the server does
not support this, the user will need to log in using opiekey and reset his
sequence manually (using opiepasswd).

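The sequence-number rules above, and the seed handling from the 2.2 note,
follow directly from how the OTP chain is built, so here is a small model of
the calculation and of what the server keeps. It is an added example, not
OPIE's code. It implements the RFC 2289 MD5 variant (seed lower-cased and
placed in front of the pass phrase, the MD5 digest folded to 64 bits by XORing
its two halves, one more hash per sequence step) together with the server-side
rule that a response is accepted only if hashing it once yields the previously
accepted password. The pass phrase, seed and starting count used in demo() are
constructed; for count 0 the hex result is the MD5 test vector from RFC 2289
Appendix C. The six-word dictionary encoding is omitted, so responses are
handled in the RFC's hex form.

```python
"""RFC 2289 (S/Key style) one-time password chain, MD5 variant.

Added example, not OPIE code. The six-word dictionary encoding is left
out; responses are handled in the RFC's hex form.
"""
import hashlib

REINIT_THRESHOLD = 10   # the README's "do not fall below about ten"


def normalize_seed(seed):
    """Seeds are case-insensitive and 1..16 alphanumerics (RFC 2289):
    lower-case them before hashing, as OPIE does since 2.2."""
    s = seed.lower()
    if not (1 <= len(s) <= 16) or not s.isalnum():
        raise ValueError("seed must be 1-16 alphanumeric characters")
    return s


def fold_md5(x):
    """MD5 'x' and fold the 16-byte digest to 8 bytes by XORing the first
    half with the second half."""
    d = hashlib.md5(x).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))


def otp(pass_phrase, seed, n):
    """One-time password for sequence number n: the initial value
    fold(seed || pass phrase), hashed n more times."""
    x = fold_md5((normalize_seed(seed) + pass_phrase).encode())
    for _ in range(n):
        x = fold_md5(x)
    return x


def to_hex(otp8):
    return otp8.hex()


class ServerEntry:
    """What the server stores for a user (the opiekeys record): seed, the
    sequence number of the next challenge, and the last *accepted* OTP.
    The secret pass phrase never reaches the server."""

    def __init__(self, pass_phrase, seed, count):
        # opiepasswd: the user supplies otp(count); the first login
        # challenge is then for count - 1.
        self.seed = normalize_seed(seed)
        self.n = count - 1
        self.last = otp(pass_phrase, seed, count)

    def challenge(self):
        return "otp-md5 %d %s" % (self.n, self.seed)

    def needs_reinit(self):
        return self.n < REINIT_THRESHOLD

    def verify(self, response):
        """Accept iff hashing the response once gives the stored OTP, i.e.
        response == otp(n). On success the response becomes the stored
        value and n drops by one, so a replayed response fails next time.
        Once n is below zero nothing can be accepted and only an
        administrator can re-initialize the entry."""
        if self.n < 0:
            return False
        if fold_md5(response) != self.last:
            return False
        self.last = response
        self.n -= 1
        return True


def demo():
    """Walk a constructed user through initialization, two logins, a
    replay, and running the sequence down to exhaustion."""
    secret, seed = "This is a test.", "TeSt"      # constructed values
    srv = ServerEntry(secret, seed, 12)
    first = srv.verify(otp(secret, seed, 11))     # answers "otp-md5 11 test"
    replay = srv.verify(otp(secret, seed, 11))    # same response again
    second = srv.verify(otp(secret, seed, 10))
    warned = srv.needs_reinit()                   # n is now 9
    for k in range(9, -1, -1):
        srv.verify(otp(secret, seed, k))
    exhausted = srv.verify(otp(secret, seed, 0))  # n is now -1
    return first, replay, second, warned, srv.n, exhausted


if __name__ == "__main__":
    print(to_hex(otp("This is a test.", "TeSt", 0)))
    print(demo())
```

Running it prints the count-0 hex value and the tuple from demo(). The
design point: the server never holds the pass phrase, and the value it does
hold (the last accepted OTP) cannot be run forward to the next password, which
is why the seed and sequence number can travel in the clear. The flip side is
the rule above: once the chain is used up, nothing the user knows lets the
server accept another response without a fresh opiepasswd.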
	For reasons that remain very unclear, Solaris passes the login name
from getty/telnetd to login by stuffing it in the terminal input buffer
instead of passing it on the command line like every other *IX. This is just
plain broken. Solaris has other problems with its telnetd and getty; you may
want to consider getting the telnet(d) sources (ftp.cray.com:/src/telnet)
and reasonable getty sources (try sunsite.unc.edu:/pub/Linux/system/Serial; at
least one of agetty, mingetty, and getty_ps should work) and replacing the
Solaris versions with these. OPIE should work *much* more happily with these
programs than the ones that come with Solaris. However, there could be negative
side effects -- this is not a procedure recommended for the faint of heart.

	OPIE is a lot more fussy than it used to be about lock files and where
it puts them. The lock file directory must be used only for OPIE lock files.
It must be a directory, owned by the superuser, and must be mode 0700.

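The lock-directory rule above, the opiekeys.ext rule in the 2.3 notes (it
must not be world readable) and the /bin/login mode-0100 suggestion earlier
in this section are the kind of invariant a reinstall or a package upgrade
quietly breaks. The script below is an added example, not OPIE code, that
checks them. The paths and the expected owner are parameters (the lock
directory location is a build-time option, and the self-test runs as
whichever user invokes it); it uses lstat so a symlink planted at one of the
paths is reported rather than followed; self_test() builds its own throwaway
tree under a temporary directory.

```python
"""Check the permission invariants the OPIE README states for the lock
directory, the supplemental key file and /bin/login.

Added example, not OPIE code. Paths are parameters because the lock
directory location is a build-time option; self_test() builds a
throwaway tree and runs as whatever user invokes it.
"""
import os
import stat
import tempfile


def _lstat(path):
    # lstat, not stat: a symlink planted at one of these paths is a
    # finding, not something to follow.
    try:
        return os.lstat(path)
    except FileNotFoundError:
        return None


def check_lockdir(path, want_uid=0):
    """Lock directory: must exist, be a real directory (not a symlink),
    be owned by the superuser, and be exactly mode 0700."""
    st = _lstat(path)
    if st is None:
        return ["missing"]
    problems = []
    if stat.S_ISLNK(st.st_mode):
        problems.append("is a symlink")
    elif not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory")
    if st.st_uid != want_uid:
        problems.append("owned by uid %d, want %d" % (st.st_uid, want_uid))
    mode = stat.S_IMODE(st.st_mode)
    if mode != 0o700:
        problems.append("mode %04o, want 0700" % mode)
    return problems


def check_ext_keyfile(path):
    """/etc/opiekeys.ext must not be world readable (it holds data the
    standard, world-readable key file does not)."""
    st = _lstat(path)
    if st is None:
        return []            # the supplemental file is optional
    problems = []
    if stat.S_ISLNK(st.st_mode):
        problems.append("is a symlink")
    if st.st_mode & stat.S_IROTH:
        problems.append("world readable")
    return problems


def check_login_binary(path):
    """Report whether unprivileged users can still execute login, i.e.
    whether the README's mode-0100 hardening has been applied."""
    st = _lstat(path)
    if st is None:
        return ["missing"]
    if st.st_mode & (stat.S_IXGRP | stat.S_IXOTH):
        return ["executable by group/other (README suggests mode 0100)"]
    return []


def _touch(path, mode):
    with open(path, "w"):
        pass
    os.chmod(path, mode)
    return path


def self_test():
    """Build a temp tree with a good and a bad instance of each item and
    return the findings keyed by name."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as top:
        good_lock = os.path.join(top, "locks_ok")
        os.mkdir(good_lock)
        os.chmod(good_lock, 0o700)      # mkdir's mode is subject to umask
        bad_lock = os.path.join(top, "locks_bad")
        os.mkdir(bad_lock)
        os.chmod(bad_lock, 0o755)
        link = os.path.join(top, "locks_link")
        os.symlink(bad_lock, link)
        ext_ok = _touch(os.path.join(top, "opiekeys.ext"), 0o600)
        ext_bad = _touch(os.path.join(top, "opiekeys.ext.bad"), 0o644)
        login_ok = _touch(os.path.join(top, "login_ok"), 0o100)
        return {
            "lock_ok": check_lockdir(good_lock, want_uid=me),
            "lock_bad": check_lockdir(bad_lock, want_uid=me),
            "lock_link": check_lockdir(link, want_uid=me),
            "ext_ok": check_ext_keyfile(ext_ok),
            "ext_bad": check_ext_keyfile(ext_bad),
            "login_ok": check_login_binary(login_ok),
            "login_missing": check_login_binary(os.path.join(top, "nope")),
        }


if __name__ == "__main__":
    for name, problems in self_test().items():
        print(name, problems or "ok")
```

Against a live system you would call the three check functions on the real
paths (the lock directory from your configure options, /etc/opiekeys.ext and
/bin/login) with the default want_uid of 0, and treat any non-empty list as a
finding to fix before the next login.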
Gripes
======

	Is it too much to ask that certain OS vendors just do the right thing
and not "fix" what isn't broken? (Look at all the ifdefs in the OPIE code and
the answer is clear.)

	utmp and wtmp handling in OPIE has been a very, very sore subject.
Every vendor does things differently, and, of course, most of them swear they
are complying with some or other "standard." My (cmetz) conclusion is that the
only thing that is standard about utmp and wtmp handling is that it will be
nonstandard on any given system. I've tried a lot of things and I've wasted
*a lot* of time on trying to make utmp and wtmp handling work for everybody;
my conclusion is that it will never happen. I personally am willing to stand
behind the code for utmp/wtmp handling on reasonable Linux and 4.4BSD-Lite
systems. If it breaks, tell me and I will fix it. While I am still interested
in hearing about fixes for other OSs, I'm not likely to go out of my way to fix
utmp/wtmp handling on them. If you want it fixed, the best way to do it is to
fix it yourself and give me a patch. As long as the patch is reasonable, I'll
include it in the next release. If you can't wait, use the --disable-utmp
option.

Credits
=======

	First and foremost, credit goes to Phil Karn, Neil M. Haller, and John
S. Walden of Bellcore for creating the S/Key Version 1 software distribution
and for making its source code freely available to the public. Without their
work, OPIE would not exist. Neil has also invested a good amount of his time
in the development of a standard for One-Time Passwords so that packages like
OPIE can interoperate.

	The first NRL OPIE distribution included modifications made primarily
by Dan McDonald of the U.S. Naval Research Laboratory (NRL) during March 1994.
The 2nd NRL OPIE distribution, which has a number of improvements in areas
such as portability of software and ease of installation, is primarily the
work of Ran Atkinson and Craig Metz. Other NRL contributors include Brian
Adamson, Steve Batsell, Preston Mullen, Bao Phan, Jim Ramsey, and Georg Thomas.

	Some of version 2.2 was developed at NRL and released as a work in
progress. Most of the release version was developed by Craig Metz (also of
NRL), others at The Inner Net, and contributors from the Internet community.
Versions beyond 2.2 were developed outside NRL, so don't blame them if they
don't work (but please credit them when it does: without the NRL effort, there
wouldn't be an OPIE).

	We would like to also thank everyone who helped us by beta testing,
reporting bugs, suggesting improvements, and/or sending us patches. We
appreciate your contributions -- they have helped to make OPIE more of a
community effort. These contributors include:

	Mowgli Assor
	Lawrie Brown
	Andrew Davis
	Dennis Glatting
	Ben Golding
	Axel Grewe
	"Hobbit"
	Kojima Hajime
	Darren Hosking
	Matt Hucke
	Charles Karney
	Jeff Kletsky
	Martijn Koster
	Osamu Kurati
	Ayamura Kikuchi
	Ronald van der Meer
	Hiroshi Nakano
	Ikuo Nakagawa
	Angelo Neri
	C. R. Oldham
	D. Jason Penney
	John Perkins
	Steve Price
	Jim Simmons
	Steve Simmons
	Brad Smith
	Werner Wiethege
	Ken-ichi Yamasaki
	Wietse Venema

	OPIE development at NRL was sponsored by the Information Security
Program Office (PD 71E), U.S. Space and Naval Warfare Systems Command, Crystal
City, Virginia.

	If you have problems with OPIE, please follow the instructions under
"If OPIE Doesn't Work." Under NO circumstances should you send trouble
reports directly to the authors or contributors.

Trademarks
==========
S/Key is a trademark of Bell Communications Research (Bellcore).
UNIX is a trademark of X/Open.
NRL is a trademark of the U. S. Naval Research Laboratory.

All other trademarks are trademarks of their respective owners.

The term "OPIE" is in the public domain and hence cannot be legally
trademarked by anyone.

Copyrights
==========
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

Portions of this software are Copyright 1995 by Randall Atkinson and Dan
McDonald, All Rights Reserved. All Rights under this copyright are assigned
to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
License Agreement applies to this software.

Portions of this software are copyright 1980-1990 Regents of the
University of California, all rights reserved. The Berkeley Software
License Agreement specifies the terms and conditions for redistribution.

Portions of this software are copyright 1990 Bell Communications Research
(Bellcore), all rights reserved.