Some reactions on the thread :
Integrating SmartCard in PAM is no problem. Problem I'm facing with for
example CryptoCard and SecureID tokens is that those manufacturers refuse
to give out any form of information about the internal operation of those
tokens.
That prevents me from implementing event synchronous mode.
The best way to handle this with SSH is probably the way for example
Apache and PAM handles those : Using DSO's that can be loaded from the
config. Saves tons of #ifdefs and recompiles, but has some security
related drawbacks, so I'm not sure if the OpenSSH core team is willing to
integrate patches which implements those.
I'm currenly beta-testing the OpenBSD port of the ANSI X9.9 extension, so
that Challenge - Response is possible with OpenSSH protocol v1. Someone
else is taking care of the v2 protocol.
If there are serious thought on implementing SmartCard support in OpenSSH
I'm more than willing to help.
Regards,
Igmar
--
--
Igmar Palsenberg
JDI Media Solutions
Jansplaats 11
6811 GB Arnhem
The Netherlands
mailto: i.palsenberg at jdimedia.nl
PGP/GPG key : http://www.jdimedia.nl/formulier/pgp/igmar
