Dan Kaminsky dankamin at
Tue Mar 20 10:14:39 EST 2001

> I won't speak for Markus or the other OpenBSD developers, but I don't
> believe we should include code for proprietary authentication systems
> into OpenSSH.


    Any objection to a "Userspace PAM", i.e. a password authenticating
equivalent to ProxyCommand for proxy tunneling?  I'd probably name it

    I can imagine this being absolutely trivial to write, and creating
patchless support for *whatever* people wanted to use.  Input would probably
not be appropriate through argv, considering ps issues.

    We'd of course monitor permissions on the password checker.

    It seems to me that a guiding philosophy of SSH as a whole has been
general purpose solutions to clustered sets of specific problems.  This
seems to qualify, no?

Yours Truly,

    Dan Kaminsky, CISSP

More information about the openssh-unix-dev mailing list