SecurID authentication for 3.6.1p2 with privsep

Scott Burch scott.burch at
Sat Jun 14 05:10:33 EST 2003


Thanks for the update. I have tested your new patch and everything works
great with privilege separation. I was also able to apply your patch
along with Darren Tucker's password expiration patch. If anyone has
questions about using Vaclav's patch on Solaris let me know. The
packages I build for my site include support for password expiration and
securid with privilege separation enabled. Currently I target Solaris
2.6 through Solaris 8. I build static binaries so that I don't rely on
external libraries.Oh, I also build in support for tcp_wrappers.

I use the ACE Agent SDK and Ace Server 5. Previously I used your patch
with 3.5p1 and tested it with putty, SecureFX, SecureCRT, and filezilla.

Selective access to various authentication types would be useful. If I
want to enforce securid authentication currently I disable password and
publickey authentication, but it might be nice to configure this
differently for different users.


On Tue, 2003-06-10 at 04:30, Václav Tomec wrote:
> Hello all,
> I have made SecurID authentication for OpenSSH 3.6.1p2.
> This patch was totaly rewritten, so please test it before use.
> Kbd-int authentication is now integrated into challenge response
> auth. 
> Privsep is now fully suported.
> PS: What do you think of selective access to the individual
> authentications, similar to AllowGroups/DenyGroups or maybe
> AllowUsers/DenyUsers ?
> Vaclav Tomec
> ______________________________________________________________________
> Reklama:
> Tolik věcí a výhod jako od Contactel Bonus Clubu jen tak nezískáte
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at
Scott Burch <scott.burch at>

More information about the openssh-unix-dev mailing list