[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: ssh & opie



Savochkin Andrey Vladimirovich wrote:
> 
> Andrew Morgan and I have spent more than a month trying to implement
> the full PAM support in ssh.  My goal was to make sshd worked with full
> range of authentication schemes including RSA under the PAM control.
> We implemented binary prompts in PAM library and libpam_client library
> to handle binary PAM messages on the client side.
> 
> I wasn't satisfied by our results.  Sshd code looks as a real mess
> in authentication functions because the authors want to support
> every authentication kludge for every OS.  My PAM additions make the
> code looks worse.

Actually, I strongly disagree with this.  The original code is so
spaghetti-like I think the PAM patch we developed cleans some things up.

I actually make use of this ssh'd+PAM patch every day.  So far as I can
see, the main problem with this patch is that it is not part of the
official sources.  Consequently, its possible that the transport
protocol numbers it uses are likely to be trampled on without warning.

For those that want to play, the patch has been here for quite some
time:

  http://www.kernel.org/pub/linux/libs/pam/pre/applications/

Cheers

Andrew



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []