PAM merge from FreeBSD

Damien Miller djm at mindrot.org
Sat Jan 11 01:08:15 EST 2003


Frank Cusack wrote:
> TIS auth doesn't support PAM correctly.
>  - can't pass info messages (although this isn't done correctly by openssh
>    anyway)
>  - can't pass the echo/don't echo flag
>  - can't have multiple exchanges

I don't think we do any of these properly at the moment with privsep 
(maybe "echo on"). The new code allows for echo/don't echo and the 
possibility of multiple exchanges.

> As a server admin, I would never use TIS for PAM unless I was strictly doing
> challenge/response.  I would assume that the client is going to echo the
> "response" entry.

The TIS support in the new patch defaults to echo off.

-d





More information about the openssh-unix-dev mailing list