SecurID
Dan Kaminsky
dankamin at cisco.com
Tue Mar 20 10:14:39 EST 2001
> I won't speak for Markus or the other OpenBSD developers, but I don't
> believe we should include code for proprietary authentication systems
> into OpenSSH.
Actually--
Any objection to a "Userspace PAM", i.e. a password authenticating
equivalent to ProxyCommand for proxy tunneling? I'd probably name it
AuthCommand.
I can imagine this being absolutely trivial to write, and creating
patchless support for *whatever* people wanted to use. Input would probably
not be appropriate through argv, considering ps issues.
We'd of course monitor permissions on the password checker.
It seems to me that a guiding philosophy of SSH as a whole has been
general purpose solutions to clustered sets of specific problems. This
seems to qualify, no?
Yours Truly,
Dan Kaminsky, CISSP
http://www.doxpara.com
More information about the openssh-unix-dev
mailing list