PAM, keyboard interactive, pam-1 at ssh.com, interoperability

Darren Moffat Darren.Moffat at eng.sun.com
Thu Nov 29 10:15:02 EST 2001


>from!  Remember that SSH.COM was there first, and started the whole
>thing.  

OpenSSH did not take SSH protocol v2 code from SSH Inc.

SSH Inc even wrote the draft for keyboard interactive that they fail to
use.

In this case they have a fundamental misunderstanding of a technology
called PAM (that Sun invented and donated to X/Open). They have taken
PAM to be what GSS actually is; PAM is not a network protocol, it is an
API. That misunderstanding has made its way into code.

The correct way to resolve this is for people who care to lobby SSH Inc
to do the correct thing, not for other implementations to introduce
security weaknesses in their code to give the illusion of
interoperability with SSH Inc.

--
Darren J Moffat




More information about the openssh-unix-dev mailing list