SRP secure remote password authentication

Edward Flick eddy at
Fri Sep 19 00:22:42 EST 2003

I'm assuming PAM is just for local authentication as it does not dictate the
method by which the client and the authenticator exchange the user/pass
which SRP and other remote authentication methods do.

Edward Flick

-----Original Message-----
From: at
[ at]On
Behalf Of Michael Stone
Sent: Thursday, September 18, 2003 8:56 AM
To: openssh-unix-dev at
Subject: Re: SRP secure remote password authentication

On Thu, Sep 18, 2003 at 08:58:34AM +1000, Jeremy Nysen wrote:
>I've been using Tom Holroyd's OpenSSH SRP patches for quite a while and
>they do exactly that. Under Redhat, the PAM module makes the EPS verifiers
>transparent to the applications, and lets EPS work with anything that uses
>PAM, (eg. Samba, login, imap, pop, ldap, etc). OpenSSH can still
>authenticate with EPS without the SRP patches through the PAM subsystem,
>but obviously this doesn't use the SRP protocol.

I'm confused. If you can implement this via PAM why do you need special
patches? What's the difference between the two approaches?

Mike Stone

openssh-unix-dev mailing list
openssh-unix-dev at

More information about the openssh-unix-dev mailing list