openssh (OpenBSD) , bsdauth and tis authsrv

ArkanoiD ark at
Tue Sep 12 21:02:26 EST 2006


I've tried using TIS authsrv authentication via bsd auth and found
it quite limited. The most important restriction it does not log
ip and fqdn of the remote peer, nor the application name, to
the authentication server. It does not matter much for TIS authsrv,
but since other applications do provide such information, our
authsrv version uses it for extra authentication restrictions.
And - as tcp loopback interface is hardly considered secure -
we use unix domain sockets to talk to it instead.

I tried Mark Roth's patch, but it suffers from the similar problems
and does not support privsep api.

So i made my own, it is not very good yet (it does not take advantage
of init_ctx) but i hope i will fix that soon if you people will give 
me good advices.

    [ Part 2, Text/PLAIN (charset: KOI8-R "Latin & Russian")  914 ]
    [ lines. ]
    [ Unable to print this part. ]

    [ Part 3: "Attached Text" ]

openssh-unix-dev mailing list
openssh-unix-dev at

More information about the openssh-unix-dev mailing list