Re: ssh and md5.

On Tue, 4 Feb 1997, Andrew G. Morgan wrote:

> SinVraal wrote:
> > Hello all.  I wasn't really able to get too much info from the ssh list on
> > this, but I'd like to use ssh with md5 passwords, so I could try to move
> > my whole system to them (save xdm for now though!). 
> This has been a concern for me too. I would like to have a PAM aware sshd.
> Unfortunately, there are apparently some problems with reorganizing the code
> to do things the PAM way, so currently, we are all waiting for a next
> generation of ssh.
> I've been thinking a lot about this lately and have wondered if it would be
> impossible to simply replace the password checking in sshd with a simple:
> 	pam_start()
> 	pam_authenticate()
> 	pam_end()
> In this way, we'd at least get the pluggable "authentication" which would be
> enough to do md5 passwords in the way that you (and I) want.

The problem is the conversation function will have an awful time of it,
which we must use since it's illegal (I think) to do a pam_set_item of the
AUTHTOK. Also this will eliminate rhosts authentication, which ssh can
also do. 

The best thing to do would probably be to talk directly to the author of
ssh and see what's up with PAM in it, and if your solution is workable.
It's been a while since I looked at the ssh code, so I may be wrong about

-- Elliot                                 http://www.redhat.com/
"I'm a member of the Association of Federations of Linux Project
Initiators That Never Really Get Much Done (AFLPITNRGMD, for short)." 
			   Just do it!
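An added illustration of the conversation-function point raised in the reply above; it is not code from this thread or from ssh. It assumes the daemon already holds the client's password in memory and passes it through appdata_ptr, and the name preset_password_conv is hypothetical.

```c
#include <stdlib.h>
#include <string.h>
#if defined(__has_include) && __has_include(<security/pam_appl.h>)
#include <security/pam_appl.h>
#else
/* Stand-ins with Linux-PAM's layout and values, used only when the PAM
 * development headers are not installed, so the sketch still compiles. */
struct pam_message { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
enum { PAM_SUCCESS = 0, PAM_BUF_ERR = 5, PAM_CONV_ERR = 19 };
enum { PAM_PROMPT_ECHO_OFF = 1, PAM_PROMPT_ECHO_ON, PAM_ERROR_MSG, PAM_TEXT_INFO };
#endif

/* Hypothetical conversation function: appdata_ptr carries the password the
 * daemon already received from the client. A daemon would register it as
 * struct pam_conv { preset_password_conv, password } when calling pam_start(). */
int preset_password_conv(int num_msg, const struct pam_message **msg,
                         struct pam_response **resp, void *appdata_ptr)
{
    const char *password = appdata_ptr;
    struct pam_response *replies;
    size_t len;
    int i;

    if (num_msg <= 0 || password == NULL)
        return PAM_CONV_ERR;
    len = strlen(password) + 1;
    if ((replies = calloc((size_t)num_msg, sizeof(*replies))) == NULL)
        return PAM_BUF_ERR;
    for (i = 0; i < num_msg; i++) {
        switch (msg[i]->msg_style) {    /* Linux-PAM passes an array of pointers */
        case PAM_PROMPT_ECHO_OFF:       /* a secret is requested: hand over a heap copy */
            if ((replies[i].resp = malloc(len)) == NULL)
                goto fail;
            memcpy(replies[i].resp, password, len);
            break;
        case PAM_ERROR_MSG:
        case PAM_TEXT_INFO:             /* informational, needs no answer */
            break;
        default:                        /* e.g. PAM_PROMPT_ECHO_ON: no user to ask */
            goto fail;
        }
    }
    *resp = replies;                    /* the caller frees the array and each resp */
    return PAM_SUCCESS;
fail:
    for (i = 0; i < num_msg; i++)
        free(replies[i].resp);
    free(replies);
    return PAM_CONV_ERR;
}
```

A function like this can only answer hidden-input prompts with the one stored password; any module that asks for something else makes the conversation fail rather than guess.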

