Re: PAM bashing (was Re: kerberos support in ssh/lsh)

To: Brian May <bmay@csse.monash.edu.au>
Cc: debian-devel@lists.debian.org
Subject: Re: PAM bashing (was Re: kerberos support in ssh/lsh)
From: Ben Collins <bcollins@debian.org>
Date: Thu, 19 Oct 2000 22:55:20 -0400
Message-id: <20001019225520.F5589@visi.net>
In-reply-to: <x3rzok0z8m1.fsf@lyell.csse.monash.edu.au>; from bmay@csse.monash.edu.au on Fri, Oct 20, 2000 at 10:58:30AM +1100
References: <x3rzok0z8m1.fsf@lyell.csse.monash.edu.au>

On Fri, Oct 20, 2000 at 10:58:30AM +1100, Brian May wrote:
> Hello,
> 
> The upstream author of lsh (GPL replacement for ssh v2) has said quite
> strongly (in the heimdal-discuss mailing list) that he is not going to
> support PAM, as the design of ssh doesn't support PAM.

As the PAM maintainer, I agree totally. In OpenSSH, PAM support is a
complete hack. I had to do cartwheels to get the current implementation
working as good as it is. Mostly to do with the fact that ssh has no
terminal with the client during authentication and arbitrary isn't
possible until after the authentication is complete.

-- 
 -----------=======-=-======-=========-----------=====------------=-=------
/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`  bcollins@debian.org  --  bcollins@openldap.org  --  bcollins@linux.com  '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'

Reply to:

References:
- PAM bashing (was Re: kerberos support in ssh/lsh)
  - From: Brian May <bmay@csse.monash.edu.au>

Prev by Date: Re: Helix debian packages
Next by Date: Re: [script] Changing bug originator on reports with obsolete emails
Previous by thread: Re: PAM bashing (was Re: kerberos support in ssh/lsh)
Next by thread: Comments on FHS testsuite run
Index(es):
- Date
- Thread