openssh-3.7p1+ and PAM on OS X
Darren Tucker
dtucker at zip.com.au
Mon Nov 15 13:12:10 EST 2004
Nick Lane-Smith wrote:
> Bug 688 is causing me a massive headache on OS X.
[..]
> How do you plan to fix 688?
Sorry, I missed the "How" in my first reply.
So far there appears to be two potential solutions, neither of which are
particularly palatable:
1) Invert the parent-child relationship in the existing code: ie have
the parent make the PAM calls and the child talk to the user/privsep
slave. (Ironically, this may be easier to implement with privsep than
without it since key and compression state is less of an issue).
See http://marc.theaimsgroup.com/?l=secure-shell&m=108231421231223
2) Implement the PAM conversation as a coroutine. Clever, but
potentially unportable, a maintenance hassle and a debugging nightmare.
See http://www.chiark.greenend.org.uk/~sgtatham/coroutines.html
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list