SIA support patches for Tru64 UNIX
John P Speno
speno at isc.upenn.edu
Wed May 3 23:59:23 EST 2000
I think I'm ready with the SIA (Security Integration Architecture) patches
for Tru64 UNIX. All of the code was written by Tom Woodburn, an engineer
at Compaq. I've only performed integration and testing of the patches with
more help from Tom. Tom's original patches were included in the "other"
ssh. We'd both like to see SIA support get into OpenSSH.
SIA provides PAM-like functionality on Tru64 UNIX systems. There are two
choices for SIA out of the box: base or enhanced security. Base security
is plain old BSD-style /etc/passwd. Enhanced Security provides C2
security. Other SIA modules can be created and added. For example, there
are some for S/Key and Kerberos.
These patches should work regardless of a system's current security mode,
however they have only been tested with the two "default" SIA choices,
base and enhanced security.
Anyway, I do need some guidance on how to package them up and there are
still some issues which I haven't solved.
I've got patches for two existing files:
auth-passwd.c
sshd.c
I've also got two new files:
auth-sia.h
auth-sia.c
How should the patches and files get packaged together? (I'm not sure how
to create a patch for a file where none existed before).
On Tru64 UNIX systems, the USE_SIA macro needs to be defined, and sshd
needs to be built using -lsecurity. I don't know how to hack the configure
process to make this happen. I'd like to learn, but I'd be happy not to
have to learn also. :-)
Thanks.
More information about the openssh-unix-dev
mailing list