Food for thought regarding PAM

Mike Fisk mfisk at lanl.gov
Tue Nov 30 04:45:49 EST 1999


I'm new to this list, so please forgive me if this has been discussed
before.  

It appears that one of the (commendable) design goals of OpenSSH is to
re-use existing open-source libraries wherever possible in order to
simplify the OpenSSH code and hopefully improve security in the process.

As exhibited by the current, non-open SSH, supporting all of the nuances
of authentication and logins on multiple platforms creates a lot of cases
to be handled by the code.

Would it not be more productive in the long run to create PAM modules that
support all the various forms of authentication and logins?  Then you can
keep the SSH code simple, re-use existing vendor and open-source modules,
and contribute to the set of open-source modules?

It is true that PAM is not present on many platforms, but I presume
that PAM could be ported to any system that supports dynamic
linking and, if necessary, could even be statically linked.

Again, it may not be the quickest path, but it might be more productive in
the long run.

=====================================================================
Mike Fisk                   | (505)667-5119 | MS B255
Network Engineering (CIC-5) |               | Los Alamos National Lab
mfisk at lanl.gov              | FAX: 665-7793 | Los Alamos, NM  87545






More information about the openssh-unix-dev mailing list