
Re: Putty 0.45 vs. SSH Login



On Sun, May 05, 2002 at 12:15:49PM -0300, Henrique de Moraes Holschuh <hmh@debian.org> wrote:
> Fixing this one is quite difficult. If you go through another code path in
> ssh for blocked and non-blocked logins, which does not call PAM, you will
> have other problems (because it is non-obvious that the PAM modules will
> never get called).   
> 
> The best bet would be to move the delay out of PAM (always using nodelay
> in the ssh PAM file) into ssh, I suppose.

I don't know much about OpenSSH or PAM internals, but how about adding
an option to PAM to make authentication always fail for root and move
all this authentication stuff into PAM?

This might not make the OpenSSH code any prettier, because it would
still have to be able to do the authentication when compiled without
PAM support, but from a system design p.o.v. it makes sense to keep
authentication centralized as much as possible.

-- 
Tim van Erven <tripudium@chello.nl>
OpenPGP Key ID: 712CB811        Fingerprint: F6C9 61EE 242C C012 36D5
                                             BBF8 6310 D557 712C B811

