SRP secure remote password authentication

Michael Stone mstone at
Thu Sep 18 23:55:38 EST 2003

On Thu, Sep 18, 2003 at 08:58:34AM +1000, Jeremy Nysen wrote:
>I've been using Tom Holroyd's OpenSSH SRP patches for quite a while and 
>they do exactly that. Under Redhat, the PAM module makes the EPS verifiers 
>transparent to the applications, and lets EPS work with anything that uses 
>PAM, (eg. Samba, login, imap, pop, ldap, etc). OpenSSH can still 
>authenticate with EPS without the SRP patches through the PAM subsystem, 
>but obviously this doesn't use the SRP protocol.

I'm confused. If you can implement this via PAM why do you need special
patches? What's the difference between the two approaches?

Mike Stone

More information about the openssh-unix-dev mailing list