Support for merging LPK and hpn-ssh into mainline openssh?

Damien Miller djm at mindrot.org
Thu Sep 10 04:44:24 EST 2009


On Wed, 9 Sep 2009, Howard Chu wrote:

> Hmm. Pushing this out to a separate process requires inventing yet
> another IPC protocol, and adds one more moving piece that can break.
> How does this approach avoid complexity?

It avoids complexity in the critical part - the sshd daemon. It is more
orthogonal too - if someone wants to store keys in xyzdb then they can
make a subprocess to do that too.

> How is it any hassle to add libldap to the link dependencies of sshd?

Because the API presented by the LDAP libraries that I have looked at is
quite ugly, because different platforms have different favourite LDAP
APIs, because we don't want to build in support for every crazy variant
schema that people will inevitably come up with.

-d
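
An added sketch of the subprocess approach discussed in the message above; it is not OpenSSH code and not from the thread. The interface (username in argv, key lines on stdout, non-zero exit for "no keys"), the names `fetch_keys` and `HELPER_SRC`, and the in-memory "xyzdb" are all assumptions, since the message does not define an IPC protocol.

```python
import re
import subprocess
import sys

# Constructed stand-in for an "xyzdb" lookup helper. A real helper would query
# LDAP or a database; the keys below are constructed placeholders, not real keys.
HELPER_SRC = r'''
import sys
DB = {
    "alice": ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyA alice@example"],
    "carol": ["unexpected: backend error text",
              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyC carol@example"],
}
keys = DB.get(sys.argv[1])
if keys is None:
    sys.exit(1)
print("\n".join(keys))
'''
HELPER = [sys.executable, "-c", HELPER_SRC]

USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
KEY_RE = re.compile(r"(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256) [A-Za-z0-9+/]+=*( \S.*)?")


def fetch_keys(user, helper_argv=HELPER, timeout=5):
    """Daemon-side half: run the helper, return validated key lines.

    Fails closed: any error, timeout or non-zero exit yields no keys.
    """
    if not USER_RE.fullmatch(user):
        return []  # never pass an unvalidated name to the helper
    try:
        proc = subprocess.run(helper_argv + [user], capture_output=True,
                              text=True, timeout=timeout, check=False)
    except (OSError, subprocess.TimeoutExpired):
        return []
    if proc.returncode != 0:
        return []
    # Accept only lines shaped like "type base64 [comment]"; drop the rest.
    return [ln for ln in proc.stdout.splitlines() if KEY_RE.fullmatch(ln)]


if __name__ == "__main__":
    for name in ("alice", "carol", "bob", "bad name"):
        print(name, fetch_keys(name))
```

The caller never links the backend's client library; swapping the storage backend means swapping the helper, while the validation and fail-closed handling on the calling side stay the same.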


More information about the openssh-unix-dev mailing list