PAM merge from FreeBSD

Damien Miller djm at mindrot.org
Sat Jan 11 09:35:30 EST 2003


Frank Cusack wrote:
>>I don't think we do any of these properly at the moment with privsep 
>>(maybe "echo on"). The new code allows for echo/don't echo and the 
>>possibility of multiple exchanges.
> 
> Anyone that's using protocol 1 is probably using an older client that doesn't
> have these updates.

I don't understand - the vast majority of people will be using a client 
with the necessary support. This includes (at least) OpenSSH, SSH.COM, 
PuTTY, MindTerm and F-Secure. (The first two alone have over 94% market 
share).

Those who don't have a client which supports kbdint can fallback to 
password auth, uograde their client or not upgrade the which ever 
version includes PAM via kbdint.

-d





More information about the openssh-unix-dev mailing list