pam, openssh and opie
mouring at etoh.eviladmin.org
mouring at etoh.eviladmin.org
Sun Dec 3 06:53:08 EST 2000
The S/Key listed in the 'INSTALL' file in the current snapshot points to a
ported version of S/Key libraries from OpenBSD that is known to work with
Redhat and shadowing. However it does not support PAM from my
understanding. I'm unsure at this point if/when there will be support for
advanced PAM features such as alternate authenication.
- Ben
On Sat, 2 Dec 2000, Harondel J. Sibble wrote:
> Hello folks, this looks about the only place I can find on issues dealing
> with the subject line. The message that got me posting is included below the
> line of *'s.
>
> Basically I've tried getting this working with Pam authentication and using
> the new login binary that comes with Opie 2.32. No joy.
>
> I am using
> RedHat 6.0
> OpenSSH 2.3.0p1
> Pam 0.66-18
>
> I can get the opie challenge only on a console (no openssh), if I attempt to
> to include the opie_pam module in the /etc/pam.d/sshd file, all
> authentication fails and no login is possible. Has anyone come up with any
> workarounds. I had previously tried to get s/key working, but kept bumping up
> against the issue of s/key not supporting shadow passwords and the pam s/key
> module is a tad old....
>
>
> Any suggestions other than abandoning the whole OTP and OpenSSH idea?
>
> Note I am not a list member, so please cc me.
>
> TIA
>
>
> *************MESSAGE FROM ARCHIVES***************
>
>
> > mouring at pconline.com said:
> > > If I knew of a S/Key library outside of the code in the OpenBSD tree
> > > I'd be happy to compile it up under Linux and see if I can mimic this
> > > problem.
> >
> > There is the OPIE project - which appears to now be defunct and well
> > hidden.
> >
> > I have a working implementation on Linux, with source code taken from
> > http://www.inner.net/pub/opie/
> >
> > There is also a (basic) PAM implementation for authentication - I've
> > not even attempted to see if that works with openssh
> > http://www.tho.org/~andy/pam_opie-0.21.tar.gz
> >
> > Unfortunately single use passwords seem to have fallen out of favour -
> > slightly strange when generation of the passwords is nice and easy now
> > with Palm devices and the like.
> >
> > Nigel.
> >
>
>
>
>
> Harondel J. Sibble
> Sibble Computer Consulting
> Creating solutions for the small business and home computer user.
> help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
> (604) 739-3709 (voice/fax) (604) 686-2253 (pager)
>
More information about the openssh-unix-dev
mailing list