SecurID authentication for 3.6.1p2 with privsep

[Scott Burch]

Vaclav,

Thanks for the update. I have tested your new patch and everything works
great with privilege separation. I was also able to apply your patch
along with Darren Tucker's password expiration patch. If anyone has
questions about using Vaclav's patch on Solaris let me know. The
packages I build for my site include support for password expiration and
securid with privilege separation enabled. Currently I target Solaris
2.6 through Solaris 8. I build static binaries so that I don't rely on
external libraries.Oh, I also build in support for tcp_wrappers.

I use the ACE Agent SDK and Ace Server 5. Previously I used your patch
with 3.5p1 and tested it with putty, SecureFX, SecureCRT, and filezilla.

Selective access to various authentication types would be useful. If I
want to enforce securid authentication currently I disable password and
publickey authentication, but it might be nice to configure this
differently for different users.

-Scott

On Tue, 2003-06-10 at 04:30, Václav Tomec wrote:
> Hello all,
> 
> I have made SecurID authentication for OpenSSH 3.6.1p2.
> 
> This patch was totaly rewritten, so please test it before use.
> 
> Kbd-int authentication is now integrated into challenge response
> auth. 
> 
> Privsep is now fully suported.
> 
> 
> PS: What do you think of selective access to the individual
> authentications, similar to AllowGroups/DenyGroups or maybe
> AllowUsers/DenyUsers ?
> 
> 
> Vaclav Tomec
> http://sweb.cz/v_t_m/
> 
> ______________________________________________________________________
> Reklama:
> Tolik věcí a výhod jako od Contactel Bonus Clubu jen tak nezískáte http://ad2.seznam.cz/redir.cgi?instance=55052%26url=http://club.razdva.cz/
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
-- 
Scott Burch <scott.burch at camberwind.com>