Possible security flaw in OpenSSH and/or pam_krb5
Damien Miller
djm at mindrot.org
Sat Jun 18 08:47:41 EST 2005
Nicolas Williams wrote:
>
> I don't think PAM is going away though, and since PAM application
> developers _can_ cope with those callbacks I don't see much incentive
> for PAM implementors to provide an iterative shim atop PAM. Since you
> say you'll take patches I assume that getting OpenSSH to handle PAM
> properly is really just a matter of resources and therefore really a
> matter of time.
No, it is just an preference to discuss something concrete (patches)
over pointless "OpenSSH should/shouldn't do this, OpenSSH developers are
misguided/dumb/eat babies because ..." arguments.
I never guaranteed that any patches would be accepted, but at least they
could advance this discussion to the point where it has the potential to
be productive.
-d
More information about the openssh-unix-dev
mailing list