[Bug 423] Workaround for pw change in privsep mode (3.5.p1)
Frank Cusack
fcusack at fcusack.com
Mon Nov 11 10:51:46 EST 2002
On Sun, Nov 10, 2002 at 03:13:53PM +0100, Michael Steffens wrote:
> Frank Cusack wrote:
> > Not so fast there. :-) Look in the bugs db for a TISviaPAM patch. This
> > uses the ssh1 TIS auth method to do the same thing that kbdint does.
>
> Here I'm confused. Assuming that you mean
>
> http://bugzilla.mindrot.org/show_bug.cgi?id=118
That is what I meant.
> and that it does challenge/response authentication, can it
> replace the password authentication part?
No. Sorry to have indicated that.
On further review, that patch isn't quite an "ssh1 kbdint equivalent", and
wouldn't be safe to modify into a password authentication mechanism. I can
go into length on the details if desired. The only thing that patch is
useful for is challenge/response type auths, eg S/Key. This is a limitation
of protocol 1.
There's no reason a new auth type couldn't be added to protocol 1, however.
It wouldn't be portable though. I think it's unlikely that any new ssh1
auth would be picked up by any implementation, even openssh.
/fc
More information about the openssh-unix-dev
mailing list