OpenSSH 2.3.0p1 port to BSDI BSD/OS
Markus Friedl
Markus.Friedl at informatik.uni-erlangen.de
Sat Feb 17 08:58:49 EST 2001
On Fri, Feb 16, 2001 at 04:38:03PM -0500, David J. MacKenzie wrote:
> > +#ifdef BSD_AUTH
> > + if (auth_userokay(pw->pw_name, NULL, "auth-ssh", (char *)password) == 0)
> > + return 0;
> > + else
> > + return 1;
> > +#endif
> >
> > #ifdef KRB4
> > if (options.kerberos_authentication == 1) {
>
> That ignores any style specified by the user.
it does not, see below.
> As in, "ssh -l djm:skey host" or "-l djm:passwd".
> The NULL should be authctxt->style, except that the auth context
> isn't passed to that function.
skey is handled in auth-chall.c
turn on 'challengeresponseauthentication=yes' in .ssh/config
1) in SSH1: ssh -l markus:skey host
2) in SSH2: ssh -l markus -o 'kbdinteractivedevice=crypto' host
i'll change that to markus:crypto in ssh2, too.
> > Index: session.c
> > @@ -837,8 +833,13 @@
> > (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
> > perror("unable to set user context");
> > exit(1);
> > -
> > }
> > +#ifdef BSD_AUTH
> > + if (auth_approval(NULL, lc, pw->pw_name, "auth-ssh") <= 0) {
> > + perror("Approval failure");
> > + exit(1);
> > + }
> > +#endif
> > #else
> > if (setlogin(pw->pw_name) < 0)
> > error("setlogin failed: %s", strerror(errno));
>
> The arg to auth_approval shouldn't start with "auth-" on BSD/OS.
> It should be either just "ssh" or "approve-ssh", because auth_approval()
yes, you are right, i was unsure about this.
any other problem?
both cryptocard or skey work fine with the patch,
in ssh1 and ssh2.
-markus
More information about the openssh-unix-dev
mailing list