Theo E. Schlossnagle jesus at
Tue Mar 20 09:59:08 EST 2001

Read the archive :-)

Will they accept the patch?  The OpenSSH project has made the policy clear --
no.  There is a "rogue" patch already for OpenSSH that support SecurID.  It is
used in production and is considered stable.

I have not ported the patch up to 2.5.1p1 because I have had _more_ problems
with 2.5.1p1 than with 2.3.0p1.  I have not been motivated to port it (should
take 15 minutes and it could even "fuzzy" patch out-of-the-box).

If people want this ported to 2.5.1p1, I will do it.  I got a slew of email to
port it to 2.3.0p1 and _not a single message_ to port it to 2.5.1p1 -- perhaps
people are seeing the same problems I am.

I was planning on porting on a more "stable" release than 2.5.1p1 (perhaps

The only issue I have with the OpenSSH group not accepting the patch is that
it makes it more inconvenient for other people to use it.  Other than that, I
could care less.    Many thanks to all of the participants of the OpenSSH
project.  Plain and simple, this product allows me to do my job.

Jeff Blaine wrote:
> When comparing SSH 1.2.27 with OpenSSH 2.5.1 I see that the SecurID
> code/patch is not in OpenSSH 2.5.1.
> I'm not sure how or why that happened.
> Upon looking through the OpenSSH 2.5.1 source, I think I could fairly
> easily provide a 'SecurID Authentication Method' patch (which would
> rely on -DHAVE_SECURID, -I/blah/securid/include, and
> -L/blah/securid/lib... /blah/securid being a proprietary product
> from Security Dynamics)
> I'm not committing to anything yet, but is this something that will
> be welcome if I do it?  ... or shall I just hack the source again
> to turn auth_password into something that does SecurID only for
> our specific needs.  Seems silly.

Theo Schlossnagle
1024D/A8EBCF8F/13BD 8C08 6BE2 629A 527E  2DC2 72C2 AD05 A8EB CF8F
2047R/33131B65/71 F7 95 64 49 76 5D BA  3D 90 B9 9F BE 27 24 E7

More information about the openssh-unix-dev mailing list