OpenSSH programming

Damien Miller djm at mindrot.org
Fri May 24 00:29:44 EST 2002


On Thu, 2002-05-23 at 00:41, Booker C. Bense wrote:
> On Wed, 22 May 2002, Natalia Currle-Linde wrote:
> 
> > Hello all,
> > is there any recent information on programming on how to add a new
> > authentication method into OpenSSH / OpenSSL ?!
> >
> > Is there any other way, to add a new authentication method into openssh
> > (one-time passwords), apart from adding the functions into sshconnect.c
> > and sshconnect2.c
> 
> - Probably the easiest way to accomplish this would be to write a
> PAM module. There are existing PAM modules for several different
> kinds of authentication methods. Try looking on sourceforge.net
> for some examples.

Yes, but you still need to hook PAM up to kbd-int properly. It is
currently broken with privsep. 

I posted a patch about 3 weeks ago to make it work, but got no feedback.
Since privsep is going to activate by default in future and (IMO)
privsep is more important than PAM, people really should start testing
this...

-d





More information about the openssh-unix-dev mailing list