OpenSSH 3.7.1 compatibility problems on Linux
James Bourne
jbourne at hardrock.org
Wed Oct 1 23:55:47 EST 2003
On Fri, 19 Sep 2003, Dag-Erling Smørgrav wrote:
> James Bourne <jbourne at hardrock.org> writes:
> > A little difficult when the only way to get LDAP support into ssh is by
> > using pam, and besides, *why* would anyone even contemplate using different
> > auth implementations for the various services on a server when you can use a
> > single framework to auth with?
>
> Sorry, but PAM and ssh1 just don't go along very well. One more
> reason to use ssh2 instead.
I'd love to, unfortunately our window to upgrade clients at this point is
December and therein lies the problem.
Would it be feasible for sshv1 and, only if pam is configured and UsePAM is
yes, to do simple password authentication, but instead of passing to the
glibc functions, pass to the pam functions? I'm not sure if I have the
general idea of the code layout, but from my understanding if you use pam,
you have to use a challenge-response method of authentication. If that part
is dropped, only with sshv1 *and* if you are using pam. Otherwise, fall
back to other methods.
Thanks and regards
James
> DES
--
James Bourne | Email: jbourne at hardrock.org
Unix Systems Administrator | WWW: http://www.hardrock.org
Custom Unix Programming | Linux: The choice of a GNU generation
----------------------------------------------------------------------
"All you need's an occasional kick in the philosophy." Frank Herbert
More information about the openssh-unix-dev
mailing list