CryptoCard patch
Igmar Palsenberg
i.palsenberg at jdimedia.nl
Thu Sep 14 01:58:13 EST 2000
> I'm probably not making myself clear. Of course, you can accept all
> these different things with a PAM module. The problem is that the
> user has to do everything manually. Using my CRAM-MD5 example, the
> server would say, "here is the challenge". The user would then have
> to paste that into another application. It would give the response,
> and then the user would then have to copy the result back.
>
> Of course, this works, but it is suboptimal. Also, as everyone knows,
> users don't implement security unless it is easy!
Letting the client side so almost everything is can be less secure, and
requires a modified client.
> > > What would be nice is some
> > > kind of PAM-like system that works on the client [ .... ]
>
> > Above scenario is no problem at all. Nothing prevents you from letting the
> > client talk to the server in that case.
>
> Not sure what you mean here, sorry.
What I meant to say is that nothing prevents the PAM module from opening a
TCP connection back to the client, and exchange data that way.
Regards,
Igmar
--
Igmar Palsenberg
JDI Media Solutions
Jansplaats 11
6811 GB Arnhem
The Netherlands
mailto: i.palsenberg at jdimedia.nl
PGP/GPG key : http://www.jdimedia.nl/formulier/pgp/igmar
More information about the openssh-unix-dev
mailing list