Partial authentication
Erik Lotspeich
erik.lotspeich at cyclades.com
Tue Dec 30 10:29:12 EST 2003
Dmitry,
The version of the patch in the Cyclades CDK will not work for standard
purposes -- it is only useful to those who have Cyclades products.
I will make an effort to send you my version of the patch without all the
Cyclades-specific stuff.
Hope this helps,
Erik.
On Mon, 29 Dec 2003, Dmitry Berezin wrote:
> Erik,
>
> I tried to download CDK from your site, but it requires valid serial number
> for one of your products. Is there any other way you could share your work?
> I'd be glad to spend some time working on this patch, but afraid that I too
> do not have enough expertise in SSH development to bring it to the right
> level.
>
> -Dmitry.
>
> > -----Original Message-----
> > From: openssh-unix-dev-bounces+dberezin=acs.rutgers.edu at mindrot.org
> > [mailto:openssh-unix-dev-bounces+dberezin=acs.rutgers.edu at mindrot.org] On
> > Behalf Of erikvcl at silcom.com
> > Sent: Monday, December 29, 2003 12:36 PM
> > To: Dmitry Berezin
> > Cc: openssh-unix-dev at mindrot.org
> > Subject: Re: Partial authentication
> >
> > Dmitry,
> >
> > The original partial authentication patch for the pre-privilege-separation
> > version of SSH was written by Carson Gaspar. An improvement on this patch
> > was made by Maciej Bogucki.
> >
> > As an employee of Cyclades, I ported this patch to the current version of
> > SSH with privilege separation since we needed this functionality.
> > The work that I did is quite a hack, but it works well enough. I do not
> > have the extensive knowledge of SSH that I should have to make this kind
> > of improvement in as elegant a way as the core SSH developers.
> >
> > Although I have passed my work along (and the code is available in our
> > product's freely-available CDK), there seems to be little interest in
> > partial authentication among the OpenSSH community (I've brought up this
> > topic before).
> >
> > I would like to see partial authentication in OpenSSH as I think that it
> > is a valuable feature. It would be great to see improvements to the work
> > that I've done to turn a strictly functional patch into one that is
> > elegant and verified to be free of security concerns.
> >
> > Regards,
> >
> > Erik.
> >
> > On Fri, 7 Nov 2003, Dmitry Berezin wrote:
> >
> > > Hello,
> > >
> > > I would like to bring up the topic of possibly including partial
> > > authentication functionality into OpneSSH again - it was discussed a few
> > > weeks ago. I believe that implementing auth vectors was suggested as a
> > way
> > > to achieve this.
> > > The reasoning behind the need for partial auth is that there are cases
> > when
> > > multiple methods of authentication are required for the user to be
> > > successfully authenticated (password and SecureID for example).
> > > I just want to find out if there are any active plans for building this,
> > or
> > > if there is a decision not to include partial auth in OpenSSH.
> > >
> > > Thank you,
> > >
> > > -Dmitry.
> > >
> > > _______________________________________________
> > > openssh-unix-dev mailing list
> > > openssh-unix-dev at mindrot.org
> > > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
> > >
> >
> > --
> > Erik Lotspeich
> > Software Engineer, R&D
> > Cyclades Corporation
> > erik.lotspeich at cyclades.com
> > Phone: 510-771-6153
> > Fax: 510-771-6200
> > http://www.cyclades.com/
> > "Everywhere with Linux"
> >
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev at mindrot.org
> > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>
--
Erik Lotspeich
Software Engineer, R&D
Cyclades Corporation
erik.lotspeich at cyclades.com
Phone: 510-771-6153
Fax: 510-771-6200
http://www.cyclades.com/
"Everywhere with Linux"
More information about the openssh-unix-dev
mailing list