PAM, keyboard interactive, pam-1 at ssh.com, interoperability
Damien Miller
djm at mindrot.org
Thu Nov 29 10:16:39 EST 2001
On Thu, 29 Nov 2001 carl at bl.echidna.id.au wrote:
> Where would we be if Eric Allman didn't make sendmail
> interact better with M$'s broken SMTP AUTH? If Apache
> insisted on only supporting "proper" HTTP? If Mozilla only parsed
> 100% legal HTML (if anyone can define that anyway?). If
> your resolver library rejected A records with _'s in them? The world's
> full of these compromises.
We are not talking about a few tweaks necessary to implement the
Robustness Principle (we have lots of those already) - we are talking
about adding a whole protocol exchange.
> It's how we get stuff done. OpenSSH
> is a tool to do a job. The job is secure, authenticated
> connections between computers. If a few compromises here and
> there get made to help it interact with other vendors (broken
> or otherwise), is that such a bad thing?
Yes - it bloats OpenSSH, increases the divergence between OpenBSD
and portable and makes our code more difficult to audit.
Why not spend this effort trying to get ssh.com to support
kbd-interactive? Then everyone would be happy.
-d
--
| By convention there is color, \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)