CryptoCard patch

Pete Chown Pete.Chown at skygate.co.uk
Thu Sep 14 01:45:06 EST 2000


Igmar Palsenberg wrote:

> PAM just writes text to the terminal, and ask for responses. What the
> module actually does with it is of no interest to PAM.
> I've programmed about everything with it you an think of. 
> 
> You indeed would have to have a program that calculates the response, but
> that also applies to CryptoCard, bioscans, etc, etc.

I'm probably not making myself clear.  Of course, you can accept all
these different things with a PAM module.  The problem is that the
user has to do everything manually.  Using my CRAM-MD5 example, the
server would say, "here is the challenge".  The user would then have
to paste that into another application.  It would give the response,
and then the user would then have to copy the result back.

Of course, this works, but it is suboptimal.  Also, as everyone knows,
users don't implement security unless it is easy!

> [ I wrote: ]

> > What would be nice is some
> > kind of PAM-like system that works on the client [ .... ]

> Above scenario is no problem at all. Nothing prevents you from letting the
> client talk to the server in that case.

Not sure what you mean here, sorry.

-- 
Pete





More information about the openssh-unix-dev mailing list