PAM & Configure

Andrew Morgan morgan at transmeta.com
Wed Jan 17 12:08:37 EST 2001


The Linux implementation didn't embrace all of the X/Open draft. It had
a whole lot of half thought out domain and secondary sign on extensions
that weren't well designed.

It is true that the Linux implementation extended stuff a little. But we
have strived very hard to maintain backward compatibility with the
original Sunsoft RFC.

I believe that the root of Damien's problem is that Linux distributions
ship with a default deny option for the 'other' service, whereas other
implementations ship with an 'other' that permits service. Also the
pam_unix module is not necessarily the default configuration on all
systems, so providing a default sshd configuration file (without which
sshd won't work out of the box) is not a trivial task.

It seems that third parties will want to package openshh in their own
format (not just as source code), so I can well understand this
decision.

Cheers

Andrew





More information about the openssh-unix-dev mailing list