openssh (OpenBSD), bsdauth and tis authsrv

ArkanoiD ark at eltex.net
Tue Sep 12 21:02:26 EST 2006


nuqneH,

I've tried using TIS authsrv authentication via bsd auth and found
it quite limited. The most important restriction is that it does not log
the IP and FQDN of the remote peer, nor the application name, to
the authentication server. It does not matter much for TIS authsrv,
but since other applications do provide such information, our
authsrv version uses it for extra authentication restrictions.
And - as the TCP loopback interface is hardly considered secure -
we use unix domain sockets to talk to it instead.

I tried Mark Roth's patch, but it suffers from similar problems
and does not support the privsep API.

So I made my own. It is not very good yet (it does not take advantage
of init_ctx), but I hope I will fix that soon if you people give
me good advice.



    [ Part 2, Text/PLAIN (charset: KOI8-R "Latin & Russian")  914 ]
    [ lines. ]
    [ Unable to print this part. ]


    [ Part 3: "Attached Text" ]

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev at mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


