Possible security flaw in OpenSSH and/or pam_krb5

Frank Cusack fcusack at fcusack.com
Fri Jun 17 09:40:08 EST 2005


On June 9, 2005 8:36:16 PM -0500 Nicolas Williams <Nicolas.Williams at sun.com> wrote:

> On Fri, Jun 10, 2005 at 10:10:05AM +1000, Darren Tucker wrote:
>> Nicolas Williams wrote:
>> If you're looking for ways to improve PAM then I've got a long list, but
>> the biggest single improvement you could make is to come up with a
>> reentrant replacement for the blocking callback conversation function model.
>
> I have a long list too.  As OpenSolaris comes online we'll have lots of
> opportunity to go over these lists, design and implement improvements.
>
> As for the conversation function issue you have, I've advised the
> OpenSSH team before on how to handle the matter,

As have I.  It's not difficult.  The portable openssh team just doesn't
get PAM, and apparently doesn't WANT to (I say this because it's not
that hard).

Frank



