I think I'm ready with the SIA (Security Integration Architecture) patches
for Tru64 UNIX. All of the code was written by Tom Woodburn, an engineer
at Compaq. I've only performed integration and testing of the patches with
more help from Tom. Tom's original patches were included in the
"other"
ssh. We'd both like to see SIA support get into OpenSSH.
SIA provides PAM-like functionality on Tru64 UNIX systems. There are two
choices for SIA out of the box: base or enhanced security. Base security
is plain old BSD-style /etc/passwd. Enhanced Security provides C2
security. Other SIA modules can be created and added. For example, there
are some for S/Key and Kerberos.
These patches should work regardless of a system's current security mode,
however they have only been tested with the two "default" SIA choices,
base and enhanced security.
Anyway, I do need some guidance on how to package them up and there are
still some issues which I haven't solved.
I've got patches for two existing files:
auth-passwd.c
sshd.c
I've also got two new files:
auth-sia.h
auth-sia.c
How should the patches and files get packaged together? (I'm not sure how
to create a patch for a file where none existed before).
On Tru64 UNIX systems, the USE_SIA macro needs to be defined, and sshd
needs to be built using -lsecurity. I don't know how to hack the configure
process to make this happen. I'd like to learn, but I'd be happy not to
have to learn also. :-)
Thanks.
On Wed, May 03, 2000 at 09:59:23AM -0400, John P Speno wrote:> I think I'm ready with the SIA (Security Integration Architecture) patches > for Tru64 UNIX. All of the code was written by Tom Woodburn, an engineerThe patches are available here: <URL:http://www.isc-net.upenn.edu/~speno/openssh-1.2.3-sia.tar> There's a README file in that tarball which gives instructions on what to hack after running configure to use SIA support. I will attempt to work up some configure patches unless someone beats me too it. :-) Tru64 UNIX users, if you are out there, please give these patches a try and send feedback. Thanks.
On Mon, 12 Jun 2000, John P Speno wrote:> On Fri, Jun 09, 2000 at 09:59:55PM +1000, Damien Miller wrote: > > > > Do you have a diff against any of the 2.x.x OpenSSH versions? > > I do know. SIA support patches for 2.x are here:I am going through these right now, but this is concerning:> > auth-sia.c > > Author: Tom Woodburn <woodburn at zk3.dec.com> > > Helper functions for using the SIA (Security Integration Architecture) > functions of Tru64 UNIX. > > Copyright (c) 1999 SSH Communications Security Oy, Espoo, Finland > and Compaq Computer CorporationWhat license is this code under? If it is to be integrated, it needs to be under a BSD licence (cf. the start of atomicio.c). Why the copyright for SSH Communications Security? If sections of this code are based on commercial SSH code, they cannot be integrated. Regards, Damien Miller -- | "Bombay is 250ms from New York in the new world order" - Alan Cox | Damien Miller - http://www.mindrot.org/ | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)