[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: draft-ietf-secsh-userauth-01.txt (fwd)

On Thu, 27 Mar 1997, Charlie Brady wrote:

> For those trying hard to understand how to tie in ssh with pam, the ssh
> authentication protocol has just been codified in an ietf draft. I hope
> this information helps.

I read it. It is moving towards a more easily PAMifiable model, but it is,
as the author (cc'd on this) says:
> Authentication is mostly client-driven.  The client sends an
> authentication request, and the server responds with success or failure.

This is 180 degrees contrary to the PAM model, which has the server asking
the client for the appropriate auth tokens.

If it is possible to have the rhosts-style of authentication always be
tried before password authentication, then we can store the rhosts info on
an rhosts try, always fail the rhosts try, and pass the rhosts info in
with a pam_authenticate() call when password authentication is tried. 

Anyone have better ideas?
-- Elliot Lee
   http://www.redhat.com/             http://www.linuxexpo.org/

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []