Bug 188014

Summary: Review Request: pam_otpw - One time password support for PAM
Product: [Fedora] Fedora Reporter: Luke Ross <luke>
Component: Package ReviewAssignee: Tomas Mraz <tmraz>
Status: CLOSED NOTABUG QA Contact: Fedora Package Reviews List <fedora-package-review>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: gauret
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-11-08 18:55:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 201449    

Description Luke Ross 2006-04-05 12:22:51 UTC 
Spec Name or Url: pam_otpw.spec
SRPM Name or Url: http://lukeross.name/pam_otpw-1.3-1.src.rpm
Description: 

The pam_otpw package consists of the one-time-password generator otpw-gen
plus a PAM module that provides auth and session stages. Login software
extended this way will allow reasonably secure user authentication over
insecure network lines. The user carries a password list on paper. The
scheme is designed to be robust against theft of the paper list and
race-for-the-last-letter attacks. Cryptographic hash values of the
one-time passwords are stored for verification in the user's home
directory.

This is a follow-on from bugzilla #188002. This is my first Extras package,
so needs sponsoring.
Comment 1 Tomas Mraz 2006-04-05 14:25:58 UTC 
rpmlint complaints on the srpm:
W: pam_otpw strange-permission otpw-1.3.tar.gz 0600
W: pam_otpw strange-permission pam_otpw.spec 0600
W: pam_otpw buildprereq-use pam-devel

(Use 644 perms and BuildRequires)

rpmlint complaints on the built rpm:
W: pam_otpw unstripped-binary-or-object /lib/security/pam_otpw.so
E: pam_otpw library-not-linked-against-libc /lib/security/pam_otpw.so

The Makefile must be patched so it calls gcc as a linker for the pam_otpw.so

Also the CFLAGS="$RPM_OPT_FLAGS" and LDFLAGS="$RPM_OPT_FLAGS" should be added to
the spec when calling make.
Comment 2 Luke Ross 2006-04-05 15:14:37 UTC 
Updated, please try http://lukeross.name/pam_otpw-1.3-2.src.rpm
Comment 3 Tomas Mraz 2006-04-05 15:42:45 UTC 
It still isn't quite right because you must call the
make as:
make CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_OPT_FLAGS"

instead of exporting the CFLAGS and LDFLAGS first.
And the Makefile should be patched to contain $(LDFLAGS) in all linker commands.
Comment 4 Luke Ross 2006-04-06 12:51:56 UTC 
Please try http://lukeross.name/pam_otpw-1.3-3.src.rpm 
 
Thanks.
Comment 5 Tomas Mraz 2006-04-07 07:22:00 UTC 
There's a mistake in the spec file. The pam_otpw.8 manpage is installed as
otpw-gen.8 (also in the %files section).

Also please patch the Makefile to contain $(LDFLAGS) in the linking of otpw-gen.
Comment 6 Luke Ross 2006-04-10 15:43:48 UTC 
Updated, http://lukeross.name/pam_otpw-1.3-4.src.rpm 
 
Thanks.
Comment 7 Tomas Mraz 2006-04-10 18:10:05 UTC 
All errors above seem to be corrected.

rpmlint doesn't complain anymore.

APPROVED

You should contact the upstream author to include the GPL License text in a
separate file too so it can be added as %doc file next time.

I'll sponsor you after you create your account and request sponsorship for the
FE CVS.
Comment 8 Tomas Mraz 2006-04-19 17:48:37 UTC 
Any problems with creating the account?
Comment 9 Tomas Mraz 2006-11-08 18:55:51 UTC 
No action from reporter.