openssh unix dev - Nov 2003 - Partial authentication

Hello,

I would like to bring up the topic of possibly including partial
authentication functionality into OpneSSH again - it was discussed a few
weeks ago. I believe that implementing auth vectors was suggested as a way
to achieve this.
The reasoning behind the need for partial auth is that there are cases when
multiple methods of authentication are required for the user to be
successfully authenticated (password and SecureID for example).
I just want to find out if there are any active plans for building this, or
if there is a decision not to include partial auth in OpenSSH.

  Thank you,

  -Dmitry.

Dmitry,

The original partial authentication patch for the pre-privilege-separation 
version of SSH was written by Carson Gaspar.  An improvement on this patch 
was made by Maciej Bogucki.

As an employee of Cyclades, I ported this patch to the current version of 
SSH with privilege separation since we needed this functionality.  
The work that I did is quite a hack, but it works well enough.  I do not 
have the extensive knowledge of SSH that I should have to make this kind 
of improvement in as elegant a way as the core SSH developers.

Although I have passed my work along (and the code is available in our
product's freely-available CDK), there seems to be little interest in
partial authentication among the OpenSSH community (I've brought up this
topic before).

I would like to see partial authentication in OpenSSH as I think that it 
is a valuable feature.  It would be great to see improvements to the work 
that I've done to turn a strictly functional patch into one that is 
elegant and verified to be free of security concerns.

Regards,

Erik.

On Fri, 7 Nov 2003, Dmitry Berezin wrote:
> Hello,
> 
> I would like to bring up the topic of possibly including partial
> authentication functionality into OpneSSH again - it was discussed a few
> weeks ago. I believe that implementing auth vectors was suggested as a way
> to achieve this.
> The reasoning behind the need for partial auth is that there are cases when
> multiple methods of authentication are required for the user to be
> successfully authenticated (password and SecureID for example).
> I just want to find out if there are any active plans for building this, or
> if there is a decision not to include partial auth in OpenSSH.
> 
>   Thank you,
> 
>   -Dmitry.
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
> 
-- 
Erik Lotspeich
Software Engineer, R&D
Cyclades Corporation
erik.lotspeich at cyclades.com
Phone:  510-771-6153
Fax:    510-771-6200
http://www.cyclades.com/
"Everywhere with Linux"

On Mon, Dec 29, 2003 at 09:36:06AM -0800, erikvcl at silcom.com
wrote:
> The original partial authentication patch for the pre-privilege-separation 
> version of SSH was written by Carson Gaspar.  An improvement on this patch 
> was made by Maciej Bogucki.
we would be interested in a simple version of partial authentication.