[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PAM bashing (was Re: kerberos support in ssh/lsh)

On Fri, Oct 20, 2000 at 10:58:30AM +1100, Brian May wrote:
> Hello,
> The upstream author of lsh (GPL replacement for ssh v2) has said quite
> strongly (in the heimdal-discuss mailing list) that he is not going to
> support PAM, as the design of ssh doesn't support PAM.

As the PAM maintainer, I agree totally. In OpenSSH, PAM support is a
complete hack. I had to do cartwheels to get the current implementation
working as good as it is. Mostly to do with the fact that ssh has no
terminal with the client during authentication and arbitrary isn't
possible until after the authentication is complete.

/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`  bcollins@debian.org  --  bcollins@openldap.org  --  bcollins@linux.com  '

Reply to: