Partial authentication

Dmitry Berezin dberezin at acs.rutgers.edu
Tue Dec 30 09:56:52 EST 2003


Erik,

I tried to download CDK from your site, but it requires valid serial number
for one of your products. Is there any other way you could share your work?
I'd be glad to spend some time working on this patch, but afraid that I too
do not have enough expertise in SSH development to bring it to the right
level.

  -Dmitry.

> -----Original Message-----
> From: openssh-unix-dev-bounces+dberezin=acs.rutgers.edu at mindrot.org
> [mailto:openssh-unix-dev-bounces+dberezin=acs.rutgers.edu at mindrot.org] On
> Behalf Of erikvcl at silcom.com
> Sent: Monday, December 29, 2003 12:36 PM
> To: Dmitry Berezin
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: Partial authentication
> 
> Dmitry,
> 
> The original partial authentication patch for the pre-privilege-separation
> version of SSH was written by Carson Gaspar.  An improvement on this patch
> was made by Maciej Bogucki.
> 
> As an employee of Cyclades, I ported this patch to the current version of
> SSH with privilege separation since we needed this functionality.
> The work that I did is quite a hack, but it works well enough.  I do not
> have the extensive knowledge of SSH that I should have to make this kind
> of improvement in as elegant a way as the core SSH developers.
> 
> Although I have passed my work along (and the code is available in our
> product's freely-available CDK), there seems to be little interest in
> partial authentication among the OpenSSH community (I've brought up this
> topic before).
> 
> I would like to see partial authentication in OpenSSH as I think that it
> is a valuable feature.  It would be great to see improvements to the work
> that I've done to turn a strictly functional patch into one that is
> elegant and verified to be free of security concerns.
> 
> Regards,
> 
> Erik.
> 
> On Fri, 7 Nov 2003, Dmitry Berezin wrote:
> 
> > Hello,
> >
> > I would like to bring up the topic of possibly including partial
> > authentication functionality into OpneSSH again - it was discussed a few
> > weeks ago. I believe that implementing auth vectors was suggested as a
> way
> > to achieve this.
> > The reasoning behind the need for partial auth is that there are cases
> when
> > multiple methods of authentication are required for the user to be
> > successfully authenticated (password and SecureID for example).
> > I just want to find out if there are any active plans for building this,
> or
> > if there is a decision not to include partial auth in OpenSSH.
> >
> >   Thank you,
> >
> >   -Dmitry.
> >
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev at mindrot.org
> > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
> >
> 
> --
> Erik Lotspeich
> Software Engineer, R&D
> Cyclades Corporation
> erik.lotspeich at cyclades.com
> Phone:  510-771-6153
> Fax:    510-771-6200
> http://www.cyclades.com/
> "Everywhere with Linux"
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev




More information about the openssh-unix-dev mailing list