[Bug 659106] New: Review Request: pam_otpw - one-time-password module for PAM

bugzilla at redhat.com bugzilla at redhat.com
Wed Dec 1 22:40:34 UTC 2010 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.

Summary: Review Request: pam_otpw - one-time-password module for PAM

https://bugzilla.redhat.com/show_bug.cgi?id=659106

           Summary: Review Request: pam_otpw - one-time-password module
                    for PAM
           Product: Fedora
           Version: rawhide
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: low
         Component: Package Review
        AssignedTo: nobody at fedoraproject.org
        ReportedBy: mweetman at redhat.com
         QAContact: extras-qa at fedoraproject.org
                CC: notting at redhat.com, fedora-package-review at redhat.com
             Group: private
   Estimated Hours: 0.0
    Classification: Fedora


Spec URL: http://killboy.yourdevlab.com/rpms/pam_otpw.spec
SRPM URL: http://killboy.yourdevlab.com/rpms/pam_otpw-1.4-1.fc13.src.rpm
Description: The OTPW package consists of the one-time-password generator
otpw-gen plus two
verification routines otpw_prepare() and otpw_verify() that can easily be added
to programs such as login or ftpd on POSIX systems. For platforms that support
the Pluggable Authentication Method (PAM) interface, a suitable wrapper is
included as well. Login software extended this way will allow reasonably secure
user authentication over insecure network lines. The user carries a password
list on paper. The scheme is designed to be robust against theft of the paper
list and race-for-the-last-letter attacks. Cryptographic hash values of the
one-time passwords are stored for verification in the user’s home directory.

Notes: 
This was requested for review previously by Luke Ross here
https://bugzilla.redhat.com/show_bug.cgi?id=188014 but seems to have fallen by
the wayside.

I used the latest development snapshot dated 28-Mar-2004 from
http://www.cl.cam.ac.uk/~mgk25/download/otpw-snapshot.tar.gz, it's listed in
the README as 1.4 but not officially released, not sure if this is ok ?

I also modified Makefile in accordance with the notes in BZ188014 and added the
GPL LICENSE file, please review this too.

This package will need a sponsor.

cheers

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the package-review mailing list