
Re: ssh and pam

Savochkin Andrey Vladimirovich wrote:
> On Tue, Dec 30, 1997 at 11:34:23AM -0500, Nathan Binkert wrote:
> [snip]
> > > A contribution to PAMification of ssh
> > > based on Andrew's version of the PAMification will be appreciated.
> > 
> > What is the status of this work?  I would be willing to work on it and
> > help finish it up.

> Below there is my understanding of the status, it may be incomplete
> or/and incorrect.

Nope, this is a pretty complete summary.

> Already done:
> 1. new authentication method SSH_AUTH_PAM was introduced;
> 2. new messages (between ssh client and server) were introduced;
> 3. general conversation function for sshd was written;
> 4. maybe other important things which I missed.
> What is required:
> 1. Modules for at least RSA and RSARhosts authentication
>    should be written. My plan is to take appropriate code from
>    sshd and make from them separate modules (i.e. ".so" files).

This is the tricky one.  I'd make this #2.

> 2. Sshd should properly establish PAM environment (HOME, SHELL etc)
>    for modules and pass the environment to user's shell invoked on login.

I made a patch for this last night, but was fighting with my laptop to
make it compile.  I'll try to post an amended patch tomorrow.

> Andrew, what do you think about further developing of ssh+pam patches?

Well, I think I'm getting my life into shape again after my change of
career, so I'm pretty hopeful.... Watch this space. ;^)

Primarily, the problem I see with what I am calling TODO#2 is that it
might involve writing some code I don't want to put up for public
consumption -- I might get arrested.  I'd be very happy to discuss how
to do it "in principle" though.  The more people familiar with sshd,
its source code, and the way we're patching in support for PAM, the
better the discussion will be.  Once we have something that is viable,
we should also press hard to get our patch adopted in the official
source for sshd.  For our modifications to be successful we need all
clients to support this new authentication framework.


