PAM merge from FreeBSD
Frank Cusack
fcusack at fcusack.com
Sat Jan 11 05:20:22 EST 2003
On Sat, Jan 11, 2003 at 01:08:15AM +1100, Damien Miller wrote:
> Frank Cusack wrote:
> > TIS auth doesn't support PAM correctly.
> > - can't pass info messages (although this isn't done correctly by openssh
> > anyway)
> > - can't pass the echo/don't echo flag
> > - can't have multiple exchanges
>
> I don't think we do any of these properly at the moment with privsep
> (maybe "echo on"). The new code allows for echo/don't echo and the
> possibility of multiple exchanges.
Anyone that's using protocol 1 is probably using an older client that doesn't
have these updates.
To be clear: I *like* removing PAM from all but kbdint; the other auth
methods cannot support it properly. But I think you will sacrifice too
much in backwards compatibility. I certainly could not support such a
setup. I wish anyone else on this list who would have problems with this
would chime in ... If none, it might be safe to assume it's not an issue
after all.
/fc
More information about the openssh-unix-dev
mailing list