Initial patch to implement partial auth with SSH2
Karl M
karlm30 at hotmail.com
Fri Apr 20 18:29:42 EST 2001
Hi All...
I've been experimenting with the partial authorization patch for
OpenSSH-2.5.2. I'm using CygWin on a Windows 2000 (SP1) box.
I noticed a bug in the patch that shows up for CygWin users. The problem is
that publickey authentication only works if sshd is running with the same
user-id as the ssh client. When I run sshd as a service with a user-id of
LocalSystem publickey authentication fails.
This is because the check_nt_auth call in userauth-pubkey fails if the ssh
user-id is different from the sshd user-id.
It looks to me like userauth_pubkey needs to "suspend disbelief" (and not
call check_nt_auth and auth_password) for partial authentication, in the
hope that a password may come later. Then somewhere check_nt_auth
auth_password need to be called to make sure that we don't forget to set the
sshd user-id to the ssh user-id.
Thanks,
...Karl
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
More information about the openssh-unix-dev
mailing list