PAM merge from FreeBSD
Damien Miller
djm at mindrot.org
Sat Jan 11 01:08:15 EST 2003
Frank Cusack wrote:
> TIS auth doesn't support PAM correctly.
> - can't pass info messages (although this isn't done correctly by openssh
> anyway)
> - can't pass the echo/don't echo flag
> - can't have multiple exchanges
I don't think we do any of these properly at the moment with privsep
(maybe "echo on"). The new code allows for echo/don't echo and the
possibility of multiple exchanges.
> As a server admin, I would never use TIS for PAM unless I was strictly doing
> challenge/response. I would assume that the client is going to echo the
> "response" entry.
The TIS support in the new patch defaults to echo off.
-d
More information about the openssh-unix-dev
mailing list