i think this is great
David Berk
dberk at lump.org
Wed Sep 27 01:09:30 EST 2000
That sorta defeats the whole purpose of PAM doesn't it? I mean one could
just patch SecurID into sshd, but we want to auth other service off SecurID
as well and don't really want to maintain a ton of source trees.
Dave
-----Original Message-----
From: Damien Miller [mailto:djm at mindrot.org]
Sent: Monday, September 25, 2000 10:05 PM
To: Steve VanDevender
Cc: David Berk; 'Theo E. Schlossnagle'; openssh-unix-dev at mindrot.org
Subject: Re: i think this is great
On Mon, 25 Sep 2000, Steve VanDevender wrote:
> While looking for information on PAM problems or patches relating to
> Portable OpenSSH, I came across this previous posting to
> openssh-unix-dev:
>
> http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=96831742624299&w=2
>
> The patch is against OpenSSH 1.2.3, but looks like a much more thorough
> implementation of PAM support. I haven't tried integrating this into
> OpenSSH 2.2.0, however. The interesting thing about this patch is that
> it appears to try to support user dialogue by exchanging messages
> between the server and client via the SSH protocol, so it could work for
> noninteractive sessions and engage in user interaction before a session
> pty has been set up.
What puts me off about this patch is that it changes the protocol to
suit PAM. I would rather shoehorn PAM into the SSH way of doing things.
-d
--
| ``The power of accurate observation is | Damien Miller <djm at mindrot.org>
| commonly called cynicism by those who | @Work <djm at ibs.com.au>
| have not got it'' - George Bernard Shaw | http://www.mindrot.org
More information about the openssh-unix-dev
mailing list