pam/radius, SecurID, any news?
Damien Miller
djm at mindrot.org
Tue Mar 6 17:50:12 EST 2001
On Tue, 6 Mar 2001 carl at bl.echidna.id.au wrote:
>
> I've been through the archive, and not found anything
> conclusive, except for a problem report of sorts from
> Theo E. Schlossnag (who has a set of patches for SecurID
> integration).
>
> I'm about to replace some ssh 1.2.26 (I know!) installations
> with OpenSSH 2.5.1p2, on Solaris 2.6 sparc boxes, and
> we use SecurID tokens for these boxes.
>
> I've compiled up OpenSSH 2.5.1p2 with --with-pam, and
> thrown pam-radius 1.3.11 into a package, and I think it'll
> work, but I can't test on the boxes that need the tokens
> without jumping through a lot of firewall admin hoops.
If you limit yourself to SSH protocol 2, using
ChallengeResponseAuthentication, then just about any PAM module should
work.
Not that I have tried them all :)
If you are concerned about locking yourself out of a box, you can always
run OpenSSH on a high numbered port (2222 is a favourite) while testing.
-d
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
More information about the openssh-unix-dev
mailing list