SecurID patch.

Theo E. Schlossnagle jesus at omniti.com
Fri Jan 5 10:07:45 EST 2001


Actually, what I am talking about is integrating the SecurID patches into
OpenSSH.  The question was posed "what is wrong with PAM+kbdinteractive"

So, my answer is that it doesn't support protocol 1, which is necessary for
me.  Using login is not an option because it screws with things like scp and
cvs and rsync.

My SecurID patches work fine AFAIK.  I have no problems with them and I
haven't received any bug reports.

I just want to know if the patches I wrote for SecurID could be integrated
into the OpenSSH distribution so that I don't have to port them to each new
release and can just fix things in a more developmental manner.  I *do not*
want to tell the maintainer what to do -- I am the maintainer of more an one
project and I know that is not my place.

I *do* think they are worthwhile having in the OpenSSH dist because the PAM
support doesn't cut it.  Frankly, we all know it is easier to maintain
something inside a project than it is to maintain a patchset -- ecspecially
one that requires autoconf to be run.

I run openssh-2.3.0p1 and 2.2.0p1 with SecurID patch on over 50 machines and I
have not once had a problem.  But, I cannot, for the life of me, get any
acceptable operation from a ssh-1.2.xx or Windows protocol 1 client to OpenSSH
using a PAM SecurID module.  As a side note, I have trouble with the
kbdinteractive mode using protocol 2 from OpenSSH client -> OpenSSH server.

"Smith, Donald" wrote:
> Theo can you be more specfic?
> I have been working on the ssh1.2.30 with securid patch for a while now and
> it works fine.
> I am in the process of loading your patch on a openssh2.3 right now and if
> your haveing
> problems it would be helpful to know what errors your getting.

-- 
Theo Schlossnagle
1024D/A8EBCF8F/13BD 8C08 6BE2 629A 527E  2DC2 72C2 AD05 A8EB CF8F
2047R/33131B65/71 F7 95 64 49 76 5D BA  3D 90 B9 9F BE 27 24 E7





More information about the openssh-unix-dev mailing list