Food for thought regarding PAM
Mike Fisk
mfisk at lanl.gov
Wed Dec 1 08:16:52 EST 1999
On Tue, 30 Nov 1999, Andrew Morgan wrote:
> I'd like to claim that the patch below is no worse than any other patch
> out there. Its actually a great deal cleaner than others that I've seen.
> It also adds support (off by default) for a new PAM-only authentication
> mode that activates if the client and server have PAM support compiled
> in.
I agree that it's a great design, but I'm very preoccupied by
compatibility with existing SSH clients and servers. What would be nice
is a way to use PAM within the server for RSA, Kerberos, etc. without
having to use a PAM protocol option.
BTW, I haven't fully groked the BINARY conversation thingy, but how does
it compare to/work with GSS-API? There are a growing number of daemons
that support GSS-API.
> Mike Fisk wrote:
> > Even if we can't find a nice way to do credential-based authentication,
>
> > On Mon, 29 Nov 1999, Tor-Ake Fransson wrote:
> > > But... what happens in the special case where you have to pass some strange
> > > data, like a login context?
>
> This should be covered.
>
> Cheers
>
> Andrew
>
--
=====================================================================
Mike Fisk | (505)667-5119 | MS B255
Network Engineering (CIC-5) | | Los Alamos National Lab
mfisk at lanl.gov | FAX: 665-7793 | Los Alamos, NM 87545
More information about the openssh-unix-dev
mailing list