What are the chances of getting the SecurID patch integrated into OpenSSH? I think I asked before and was told that it could be done with PAM, but I (and others) are not satisfied with the PAM support. This "tight" integration seems to work much better. If not, I'll just sit on my rogue patches :-( -- Theo Schlossnagle 1024D/A8EBCF8F/13BD 8C08 6BE2 629A 527E 2DC2 72C2 AD05 A8EB CF8F 2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7
On Fri, 22 Dec 2000, Theo E. Schlossnagle wrote:> What are the chances of getting the SecurID patch integrated into > OpenSSH? I think I asked before and was told that it could be done > with PAM, but I (and others) are not satisfied with the PAM support.What is wrong with the PAM support? Have you tried the KbdInteractive support in the snapshots? -d -- | ``We've all heard that a million monkeys banging on | Damien Miller - | a million typewriters will eventually reproduce the | <djm at mindrot.org> | works of Shakespeare. Now, thanks to the Internet, / | we know this is not true.'' - Robert Wilensky UCB / http://www.mindrot.org
Damien Miller wrote:> > What are the chances of getting the SecurID patch integrated into > > OpenSSH? I think I asked before and was told that it could be done > > with PAM, but I (and others) are not satisfied with the PAM support. > > What is wrong with the PAM support? Have you tried the > KbdInteractive support in the snapshots?The PAM supports for SecurID is okay. I have no direct complaints about that... I am having all sorts of trouble getting this work right. It sort of works with openssh->openssh, but all of the clients that I have to support are legacy ssh1 clients -- Windows clients and unix ssh.com ssh1.2.27 clients. Is this explicitly not supported under protocol 1? -- Theo Schlossnagle 1024D/A8EBCF8F/13BD 8C08 6BE2 629A 527E 2DC2 72C2 AD05 A8EB CF8F 2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7
Theo can you be more specfic? I have been working on the ssh1.2.30 with securid patch for a while now and it works fine. I am in the process of loading your patch on a openssh2.3 right now and if your haveing problems it would be helpful to know what errors your getting. Donald.Smith at qwest.com IP Engineering Security 303-226-9939/0688 Office/Fax 720-320-1537 cell> -----Original Message----- > From: Theo E. Schlossnagle [mailto:jesus at omniti.com] > Sent: Thursday, January 04, 2001 11:37 AM > To: Damien Miller > Cc: openssh-unix-dev at mindrot.org > Subject: Re: SecurID patch. > > > Damien Miller wrote: > > > What are the chances of getting the SecurID patch integrated into > > > OpenSSH? I think I asked before and was told that it > could be done > > > with PAM, but I (and others) are not satisfied with the > PAM support. > > > > What is wrong with the PAM support? Have you tried the > > KbdInteractive support in the snapshots? > > The PAM supports for SecurID is okay. I have no direct > complaints about > that... > > I am having all sorts of trouble getting this work right. It > sort of works > with openssh->openssh, but all of the clients that I have to > support are > legacy ssh1 clients -- Windows clients and unix ssh.com > ssh1.2.27 clients. Is > this explicitly not supported under protocol 1? > > -- > Theo Schlossnagle > 1024D/A8EBCF8F/13BD 8C08 6BE2 629A 527E 2DC2 72C2 AD05 A8EB CF8F > 2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7 >