OpenSSH 3.7.1 compatibility problems on Linux

James Bourne jbourne at
Wed Oct 1 23:55:47 EST 2003

On Fri, 19 Sep 2003, Dag-Erling Smørgrav wrote:

> James Bourne <jbourne at> writes:
> > A little difficult when the only way to get LDAP support into ssh is by
> > using pam, and besides, *why* would anyone even contemplate using different
> > auth implementations for the various services on a server when you can use a
> > single framework to auth with?
> Sorry, but PAM and ssh1 just don't go along very well.  One more
> reason to use ssh2 instead.

I'd love to, unfortunately our window to upgrade clients at this point is
December and therein lies the problem.  

Would it be feasible for sshv1 and, only if pam is configured and UsePAM is
yes, to do simple password authentication, but instead of passing to the
glibc functions, pass to the pam functions?  I'm not sure if I have the
general idea of the code layout, but from my understanding if you use pam,
you have to use a challenge-response method of authentication.  If that part
is dropped, only with sshv1 *and* if you are using pam.  Otherwise, fall
back to other methods.

Thanks and regards


James Bourne                  | Email:            jbourne at          
Unix Systems Administrator    | WWW: 
Custom Unix Programming       | Linux:  The choice of a GNU generation
 "All you need's an occasional kick in the philosophy." Frank Herbert  

More information about the openssh-unix-dev mailing list