Partial authentication
erikvcl at silcom.com
erikvcl at silcom.com
Tue Dec 30 04:36:06 EST 2003
Dmitry,
The original partial authentication patch for the pre-privilege-separation
version of SSH was written by Carson Gaspar. An improvement on this patch
was made by Maciej Bogucki.
As an employee of Cyclades, I ported this patch to the current version of
SSH with privilege separation since we needed this functionality.
The work that I did is quite a hack, but it works well enough. I do not
have the extensive knowledge of SSH that I should have to make this kind
of improvement in as elegant a way as the core SSH developers.
Although I have passed my work along (and the code is available in our
product's freely-available CDK), there seems to be little interest in
partial authentication among the OpenSSH community (I've brought up this
topic before).
I would like to see partial authentication in OpenSSH as I think that it
is a valuable feature. It would be great to see improvements to the work
that I've done to turn a strictly functional patch into one that is
elegant and verified to be free of security concerns.
Regards,
Erik.
On Fri, 7 Nov 2003, Dmitry Berezin wrote:
> Hello,
>
> I would like to bring up the topic of possibly including partial
> authentication functionality into OpneSSH again - it was discussed a few
> weeks ago. I believe that implementing auth vectors was suggested as a way
> to achieve this.
> The reasoning behind the need for partial auth is that there are cases when
> multiple methods of authentication are required for the user to be
> successfully authenticated (password and SecureID for example).
> I just want to find out if there are any active plans for building this, or
> if there is a decision not to include partial auth in OpenSSH.
>
> Thank you,
>
> -Dmitry.
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
--
Erik Lotspeich
Software Engineer, R&D
Cyclades Corporation
erik.lotspeich at cyclades.com
Phone: 510-771-6153
Fax: 510-771-6200
http://www.cyclades.com/
"Everywhere with Linux"
More information about the openssh-unix-dev
mailing list