SRP secure remote password authentication

Edward Flick eddy at cdf-imaging.com
Fri Sep 19 00:22:42 EST 2003


I'm assuming PAM is just for local authentication as it does not dictate the
method by which the client and the authenticator exchange the user/pass
which SRP and other remote authentication methods do.

Edward Flick

-----Original Message-----
From: openssh-unix-dev-bounces+eddy=cdf-imaging.com at mindrot.org
[mailto:openssh-unix-dev-bounces+eddy=cdf-imaging.com at mindrot.org]On
Behalf Of Michael Stone
Sent: Thursday, September 18, 2003 8:56 AM
To: openssh-unix-dev at mindrot.org
Subject: Re: SRP secure remote password authentication


On Thu, Sep 18, 2003 at 08:58:34AM +1000, Jeremy Nysen wrote:
>I've been using Tom Holroyd's OpenSSH SRP patches for quite a while and
>they do exactly that. Under Redhat, the PAM module makes the EPS verifiers
>transparent to the applications, and lets EPS work with anything that uses
>PAM, (eg. Samba, login, imap, pop, ldap, etc). OpenSSH can still
>authenticate with EPS without the SRP patches through the PAM subsystem,
>but obviously this doesn't use the SRP protocol.

I'm confused. If you can implement this via PAM why do you need special
patches? What's the difference between the two approaches?

Mike Stone

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev at mindrot.org
http://www.mindrot.org/mailman/listinfo/openssh-unix-dev




More information about the openssh-unix-dev mailing list