
Re: ssh and md5.

On Tue, 4 Feb 1997, Andrew G. Morgan wrote:

> This has been a concern for me too. I would like to have a PAM aware sshd.
> Unfortunately, there are apparently some problems with reorganizing the code
> to do things the PAM way, so currently, we are all waiting for a next
> generation of ssh.
> I've been thinking a lot about this lately and have wondered if it would be
> impossible to simply replace the password checking in sshd with a simple:
> 	pam_start()
> 	pam_authenticate()
> 	pam_end()
I've got a copy of 1.2.17 working that way. I already sent a copy to
DataFellows when they asked me about it the last time I said I had a copy
on this list. At least one other person is using it; whether successfully
or not, I don't know (they never said after I sent them the changes). I
suspect that these diffs are what left them to decide that there was a
need to change their algorithm, because it is very clumsy. The
conversation is handled by replacing the standard conversation with
something that accepts the password given from the remote system, so it is
limited to a very simple conversation. Any PAM code that required
cooperation between ssh and sshd won't work the way things are now.

It works fine for a simple UNIX password authentication, and a few other
PAM modules that don't require another password (because ssh is not
expecting it). I currently have nologin and shells plugged in with the
standard unix modules without a problem.

------------ Custom Programming                               (213) 255-7949
|   inX    |   Network Design                      (800) PICK-inX (742-5469)
| Services |     Consulting                                     ask for Phil
------------     Web Design                        mailto:tmwg@earthlink.net
          Distributed Internet Apps         http://home.earthlink.net/~tmwg/
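
The conversation replacement described in this message, sketched as an added example: it is not the patch the author sent to DataFellows, and the function name `stored_password_conv` and the fallback type definitions are assumptions. It answers a single hidden prompt with the password the server already holds and refuses anything that would need a live exchange with the client.

```c
#include <stdlib.h>
#include <string.h>
#if defined(__has_include) && __has_include(<security/pam_appl.h>)
#include <security/pam_appl.h>
#else /* stand-ins with Linux-PAM's layout and values, so this builds without PAM headers */
struct pam_message { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
enum { PAM_SUCCESS = 0, PAM_BUF_ERR = 5, PAM_CONV_ERR = 19, PAM_PROMPT_ECHO_OFF = 1,
       PAM_PROMPT_ECHO_ON = 2, PAM_ERROR_MSG = 3, PAM_TEXT_INFO = 4 };
#endif

/* Hypothetical name. appdata_ptr is the password sshd already got from the client. */
int stored_password_conv(int num_msg, const struct pam_message **msg,
                         struct pam_response **resp, void *appdata_ptr)
{
    const char *password = appdata_ptr;
    struct pam_response *reply;
    int i, answered = 0;

    if (num_msg <= 0 || password == NULL)
        return PAM_CONV_ERR;
    if ((reply = calloc((size_t)num_msg, sizeof(*reply))) == NULL)
        return PAM_BUF_ERR;
    for (i = 0; i < num_msg; i++) {
        switch (msg[i]->msg_style) {       /* Linux-PAM passes an array of pointers */
        case PAM_PROMPT_ECHO_OFF:          /* the one prompt a stored secret can answer */
            if (answered++ || (reply[i].resp = malloc(strlen(password) + 1)) == NULL)
                goto fail;
            strcpy(reply[i].resp, password);
            break;
        case PAM_TEXT_INFO:
        case PAM_ERROR_MSG:                /* no channel to display it; resp stays NULL */
            break;
        default:                           /* echo-on or unknown style: needs a live client */
            goto fail;
        }
    }
    *resp = reply;                         /* PAM frees the array and each resp string */
    return PAM_SUCCESS;
fail:
    for (i = 0; i < num_msg; i++)
        free(reply[i].resp);
    free(reply);
    return PAM_CONV_ERR;
}
```

The function would be handed to `pam_start()` through a `struct pam_conv` whose `appdata_ptr` is the received password. A module that asks for a second hidden prompt or an echoed prompt gets `PAM_CONV_ERR`, which is the limitation the message describes.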