OpenSSH 2.3.0p1 port to BSDI BSD/OS

Markus Friedl Markus.Friedl at informatik.uni-erlangen.de
Sat Feb 17 08:58:49 EST 2001


On Fri, Feb 16, 2001 at 04:38:03PM -0500, David J. MacKenzie wrote:
> > +#ifdef BSD_AUTH
> > +	if (auth_userokay(pw->pw_name, NULL, "auth-ssh", (char *)password) == 0)
> > +		return 0;
> > +	else
> > +		return 1;
> > +#endif
> >  
> >  #ifdef KRB4
> >  	if (options.kerberos_authentication == 1) {
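
Review bot: in the BSD_AUTH block both branches of the if/else return, so when BSD_AUTH is defined nothing after the #endif is reachable, including the KRB4 block shown as context. If that is intended, say so in a comment and reduce the block to a single return of the comparison (auth_userokay(...) != 0); if the later methods should still be tried when auth_userokay() refuses, return only on success. The (char *) cast on password also deserves a short comment saying why it is needed.
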
> 
> That ignores any style specified by the user.

it does not, see below.

> As in, "ssh -l djm:skey host" or "-l djm:passwd".
> The NULL should be authctxt->style, except that the auth context
> isn't passed to that function.

skey is handled in auth-chall.c
turn on 'challengeresponseauthentication=yes' in .ssh/config

1) in SSH1: ssh -l markus:skey host
2) in SSH2: ssh -l markus -o 'kbdinteractivedevice=crypto' host

i'll change that to markus:crypto in ssh2, too.

> > Index: session.c
> > @@ -837,8 +833,13 @@
> >  			    (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
> >  				perror("unable to set user context");
> >  				exit(1);
> > -
> >  			}
> > +#ifdef BSD_AUTH
> > +			if (auth_approval(NULL, lc, pw->pw_name, "auth-ssh") <= 0) {
> > +				perror("Approval failure");
> > +				exit(1);
> > +			}
> > +#endif
> >  #else
> >  			if (setlogin(pw->pw_name) < 0)
> >  				error("setlogin failed: %s", strerror(errno));
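
Review bot: perror("Approval failure") after the auth_approval() check appends the text for whatever errno currently holds, and nothing in this hunk shows that a result <= 0 leaves errno meaningful, so a plain refusal may be logged with an unrelated system error. Prefer a message that names the user and does not depend on errno, for example through the error() call already used in the #else branch, before exit(1). A one-line comment on why the first argument is NULL would also help the next reader.
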
> 
> The arg to auth_approval shouldn't start with "auth-" on BSD/OS.
> It should be either just "ssh" or "approve-ssh", because auth_approval()

yes, you are right, i was unsure about this.

any other problem?

both cryptocard or skey work fine with the patch,
in ssh1 and ssh2.

-markus





More information about the openssh-unix-dev mailing list