Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 188014 - Review Request: pam_otpw - One time password support for PAM
Summary: Review Request: pam_otpw - One time password support for PAM
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Package Reviews List
Depends On:
TreeView+ depends on / blocked
Reported: 2006-04-05 12:22 UTC by Luke Ross
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2006-11-08 18:55:51 UTC

Attachments (Terms of Use)

Description Luke Ross 2006-04-05 12:22:51 UTC
Spec Name or Url: pam_otpw.spec
SRPM Name or Url:

The pam_otpw package consists of the one-time-password generator otpw-gen
plus a PAM module that provides auth and session stages. Login software
extended this way will allow reasonably secure user authentication over
insecure network lines. The user carries a password list on paper. The
scheme is designed to be robust against theft of the paper list and
race-for-the-last-letter attacks. Cryptographic hash values of the
one-time passwords are stored for verification in the user's home

This is a follow-on from bugzilla #188002. This is my first Extras package,
so needs sponsoring.

Comment 1 Tomas Mraz 2006-04-05 14:25:58 UTC
rpmlint complaints on the srpm:
W: pam_otpw strange-permission otpw-1.3.tar.gz 0600
W: pam_otpw strange-permission pam_otpw.spec 0600
W: pam_otpw buildprereq-use pam-devel

(Use 644 perms and BuildRequires)

rpmlint complaints on the built rpm:
W: pam_otpw unstripped-binary-or-object /lib/security/
E: pam_otpw library-not-linked-against-libc /lib/security/

The Makefile must be patched so it calls gcc as a linker for the

Also the CFLAGS="$RPM_OPT_FLAGS" and LDFLAGS="$RPM_OPT_FLAGS" should be added to
the spec when calling make.

Comment 2 Luke Ross 2006-04-05 15:14:37 UTC
Updated, please try 

Comment 3 Tomas Mraz 2006-04-05 15:42:45 UTC
It still isn't quite right because you must call the
make as:

instead of exporting the CFLAGS and LDFLAGS first.
And the Makefile should be patched to contain $(LDFLAGS) in all linker commands.

Comment 4 Luke Ross 2006-04-06 12:51:56 UTC
Please try 

Comment 5 Tomas Mraz 2006-04-07 07:22:00 UTC
There's a mistake in the spec file. The pam_otpw.8 manpage is installed as
otpw-gen.8 (also in the %files section).

Also please patch the Makefile to contain $(LDFLAGS) in the linking of otpw-gen.

Comment 6 Luke Ross 2006-04-10 15:43:48 UTC

Comment 7 Tomas Mraz 2006-04-10 18:10:05 UTC
All errors above seem to be corrected.

rpmlint doesn't complain anymore.


You should contact the upstream author to include the GPL License text in a
separate file too so it can be added as %doc file next time.

I'll sponsor you after you create your account and request sponsorship for the

Comment 8 Tomas Mraz 2006-04-19 17:48:37 UTC
Any problems with creating the account?

Comment 9 Tomas Mraz 2006-11-08 18:55:51 UTC
No action from reporter.

Note You need to log in before you can comment on or make changes to this bug.