CryptoCard patch

Igmar Palsenberg i.palsenberg at jdimedia.nl
Thu Sep 14 01:58:13 EST 2000


> I'm probably not making myself clear.  Of course, you can accept all
> these different things with a PAM module.  The problem is that the
> user has to do everything manually.  Using my CRAM-MD5 example, the
> server would say, "here is the challenge".  The user would then have
> to paste that into another application.  It would give the response,
> and then the user would then have to copy the result back.
> 
> Of course, this works, but it is suboptimal.  Also, as everyone knows,
> users don't implement security unless it is easy!

Letting the client side so almost everything is can be less secure, and
requires a modified client. 

> > > What would be nice is some
> > > kind of PAM-like system that works on the client [ .... ]
> 
> > Above scenario is no problem at all. Nothing prevents you from letting the
> > client talk to the server in that case.
> 
> Not sure what you mean here, sorry.

What I meant to say is that nothing prevents the PAM module from opening a
TCP connection back to the client, and exchange data that way.


	Regards,

		Igmar


--
Igmar Palsenberg
JDI Media Solutions

Jansplaats 11
6811 GB Arnhem
The Netherlands

mailto: i.palsenberg at jdimedia.nl
PGP/GPG key : http://www.jdimedia.nl/formulier/pgp/igmar






More information about the openssh-unix-dev mailing list