configurable authenticator
Jason Stone
jason at shalott.net
Wed Apr 11 10:26:39 EST 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> I have set it up so that sshd needs to know almost nothing about the
> external authenticator. It just knows that it accepts the userid and
> password via stdin, and that it exits with zero or not. The external
> authenticator is configured in sshd_config something like so:
>
> ExternalAuthenticator /usr/local/bin/ext_auth
>
> In my case, ext_auth is a compiled C program that calls up a central
> authentication serve, and it does its own syslogging.
Perhaps a better way to do this would be via pam. Since openssh is
already pam-aware, you could re-write your ext_auth program as a pam
module and just add it to the pam configuration for sshd. This has the
benefits that:
1) You don't have to hack any code.
2) Other pam-aware apps (eg, apache) can auth to your master
authentication list.
-Jason
---------------------------
If the Revolution comes to grief, it will be because you and those you
lead have become alarmed at your own brutality. --John Gardner
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg
iD8DBQE606TFswXMWWtptckRAhXdAKCFbpyTyfdD6mEmr8CigVJyft3qxACg8hAu
W/V2Yr6qGQ694V9F6ZzYltI=
=SIv8
-----END PGP SIGNATURE-----
More information about the openssh-unix-dev
mailing list