PAM merge from FreeBSD
Damien Miller
djm at mindrot.org
Fri Jan 10 12:44:51 EST 2003
Hi,
The attached patch is a merge of Dag-Erling Smorgrav's PAM support for
OpenSSH (from FreeBSD). IMO it is a good deal cleaner than the existing
PAM code and I'd like to see it imported soon.
The code removes the existing PAM password authentication in favor of
doing it all via keyboard-interactive. The diff therefore removes the
PAMAuthenticationViaKbdInt config item.
It also has support for POSIX threads, which is needed (I'm told) for
modules like pam_krb5. I have tested this with my basic PAM config, but
the patch doesn't include the configure glue to make it work.
Since this is a disruptive change, I'd like to get some testing and
feedback before committing. Please give the attached patch a try on as
many platforms as possible (as many PAM configs as possible too).
FYI to those who want to read, but not apply the patch: the file
auth-pam.c is completely replaced and is therefore pretty unreadable in
the diff. The new version is also attached for your perusal.
-d
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-pam.diff
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030110/38632072/attachment.ksh
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: auth-pam.c
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030110/38632072/attachment.c
More information about the openssh-unix-dev
mailing list