pam/radius, SecurID, any news?

Damien Miller djm at
Tue Mar 6 17:50:12 EST 2001

On Tue, 6 Mar 2001 carl at wrote:

> I've been through the archive, and not found anything
> conclusive, except for a problem report of sorts from
> Theo E. Schlossnag (who has a set of patches for SecurID
> integration).
> I'm about to replace some ssh 1.2.26 (I know!) installations
> with OpenSSH 2.5.1p2, on Solaris 2.6 sparc boxes, and
> we use SecurID tokens for these boxes.
> I've compiled up OpenSSH 2.5.1p2 with --with-pam, and
> thrown pam-radius 1.3.11 into a package, and I think it'll
> work, but I can't test on the boxes that need the tokens
> without jumping through a lot of firewall admin hoops.

If you limit yourself to SSH protocol 2, using
ChallengeResponseAuthentication, then just about any PAM module should

Not that I have tried them all :)

If you are concerned about locking yourself out of a box, you can always
run OpenSSH on a high numbered port (2222 is a favourite) while testing.


| Damien Miller <djm at> \ ``E-mail attachments are the poor man's
|          /   distributed filesystem'' - Dan Geer

More information about the openssh-unix-dev mailing list