[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SSH and Linux-PAM?

On 11 Jun 1999, Steve Dunham wrote:

> > After some investigation, this is exactly what is happening.  Users
> > are able to get around PAM through an rhosts file.  In our
> > application, it is necessary to have rhosts authentication.  So the
> > question is, where can I find a pamified SSH that doesn't have this
> > problem.  I.e, one that uses PAM when doing password-based
> > authentication as well as when authenticating using an RSA key or an
> > rhosts file?

> IIRC, there is an option in /etc/ssh/sshd_config that lets you disable
> this "feature".

It's possible to set ssh up to do password-only authentication, in which
case it passes control to PAM; however, if handled this way, I believe
that sshd (at least in all currently available implementations) concludes
that RSA authentication is not supported, and informs the client of this.
The result is that the client never tries to send RSA keys, so even if you
have a PAM module that supports them, you won't be able to use it.

It would certainly be nice if it /was/ possible, tho...

-Steve Langasek
postmodern programmer

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []