
Re: ssh and pam



On Tue, Dec 30, 1997 at 10:01:50PM -0500, Dave Wreski wrote:
> > The original source of ssh knows nothing about PAM.
> > I don't know where you got your rpm file, so I can't say much about
> > the version you use.
> 
> I was just wondering what purpose it serves to pamify ssh.  Ssh is already an
> authentication program; isn't it duplicating its purpose?
> 

I don't think so.
I consider ssh mainly a tool for establishing encrypted channels
for data transfer. Ssh also implements more robust methods of authentication
(i.e. proving that the user is who he claims to be) than systems like telnet.

PAM provides a system administrator with a very flexible and configurable
way to do both authentication and authorization (understood here
as determining whether the user has permission for a specified kind of access).

If you look at the ssh sources you'll find that the ssh daemon's actions for
user authentication, authorization and opening a login session
(including displaying the last login time and invoking the shell) are
done in a very inflexible way, can be configured only at compilation time,
and are incompatible with the actions done by other programs like login.

I definitely can't consider it a feature that if I disable an account
the user can't enter the system via login, telnet and everything else
except ssh, and can log in through ssh!

Regards,
					Andrey V.
					Savochkin
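
The consistency argument in the message above, as an added example that is not part of the original post: a Python check that parses two PAM service files and reports the modules a reference service (login) enforces that another (sshd) does not. Both configuration texts are constructed samples, `parse_pam` and `policy_gaps` are hypothetical helper names, and `include` lines are recorded but not expanded.

```python
# Constructed sample configs in /etc/pam.d/<service> syntax (not from the post).
LOGIN_CONF = """\
#%PAM-1.0
auth       required   pam_unix.so
account    required   pam_nologin.so
account    required   pam_unix.so
session    required   pam_unix.so
"""
SSHD_CONF = """\
#%PAM-1.0
auth       required   pam_unix.so
# constructed gap: this file has no account lines
session    required   pam_unix.so
"""
GROUPS = ("auth", "account", "password", "session")


def parse_pam(text):
    """Return {group: [(control, module), ...]} for one service file."""
    stacks = {g: [] for g in GROUPS}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        group, rest = parts[0].lstrip("-"), parts[1]
        if group not in stacks:
            continue                              # e.g. "@include common-auth"
        if rest.startswith("["):                  # [success=1 default=ignore]
            control, _, tail = rest.partition("]")
            control += "]"
        else:
            control, tail = (rest.split(None, 1) + [""])[:2]
        words = tail.split()
        if words:
            stacks[group].append((control, words[0]))
    return stacks


def policy_gaps(reference, candidate):
    """Modules per group that `reference` lists and `candidate` does not."""
    ref, cand = parse_pam(reference), parse_pam(candidate)
    gaps = {}
    for group in GROUPS:
        have = {module for _, module in cand[group]}
        missing = [m for _, m in ref[group] if m not in have]
        if missing:
            gaps[group] = missing
    return gaps
```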


