OpenPGP auth
sen_ml at eccosys.com
sen_ml at eccosys.com
Tue Aug 1 15:04:05 EST 2000
sorry for the late response.
From: Pete Chown <Pete.Chown at skygate.co.uk>
Subject: OpenPGP auth
Date: Wed, 26 Jul 2000 18:24:11 +0100
Message-ID: <20000726182411.C6904 at hyena.skygate.co.uk>
> sen_ml at eccosys.com wrote:
>
> > so, are you going to write an openpgp packet manipulation library?
>
> At present I am just invoking the gnupg binary. I think the gnupg
> people have a project to create a library, so I would probably be
> duplicating work. (Also it would be a *lot* of work -- much more than
> just doing OpenPGP authentication for OpenSSH.)
iirc, the gnupg people are not working on an openpgp packet
manipulation library. you might want to confirm this w/ them.
it may be a lot of work, but i was hoping someone could take it up ;-)
> > that'd be very useful for other purposes as well -- for instance, it
> > could be used to write a pam module that will allow a
> > challenge-and-response type of authentication using openpgp keys.
>
> That's an interesting idea... Also you could do a SASL method that
> used OpenPGP.
yes, i suppose that could be done.
> Actually how about a SASL or GSSAPI method that uses ssh? Then if
> you use IMAP forwarded by ssh, you don't have to worry about sending
> a password.
i guess that's true if you don't use password authentication,
presumably.
i think i prefer the idea of an sasl method that uses openpgp or a
pam-based method to trying the sasl/gssapi method that uses ssh.
More information about the openssh-unix-dev
mailing list