similar to: secureid and CA

> | The ACE server has _nothing_ to do with a CA I know . But still there should be some kind of feature to offer "centralized authentication" with no relying on the 2 ssh sides, anyone agree ? (I suggested the ACE for 3 reasons: the team here find it reasonbly o.k - at list by looking in the archives it's quite known it's a good starting point - i think) TIA , Ran Sasson

Hi, =20 I=92m looking for inspiration on how to get Samba (setup as a Domain controller)=20 To authenticate its users by AAA products like Safeword from = securecomputing (HYPERLINK "http://www.safeword.com/"www.safeword.com) or RSA SecureID =96 HYPERLINK "http://www.rsa.com/"www.rsa.com=20 =20 Would appreciate responses from you kind folks =20 Rgds Gopal --=20 No

Hmmm... You guys aware of this project to incorporate Smart Cards into ssh-agent? I remember hearing about some stuff for OpenSSL, but I don't recall hearing about this on the OpenSSH list or on the Muscle list. This would be a really nice thing... :-) Mike -- Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com (The Mad Wizard) | (678) 463-0932 |

I have a few questions: 1) Is OpenSSH 2.9p2 (or any other version of OpenSSH) vulnerable to the same problem as SSH3.0.0? (described here: http://www.kb.cert.org/vuls/id/737451 ) 2) There is a "SECURID" patch in the contrib section since 2.5.2p2. I am using it, but applying this patch to each new version is growing more difficult as time goes on. Would you consider merging this

Hello, I would like to bring up the topic of possibly including partial authentication functionality into OpneSSH again - it was discussed a few weeks ago. I believe that implementing auth vectors was suggested as a way to achieve this. The reasoning behind the need for partial auth is that there are cases when multiple methods of authentication are required for the user to be successfully

The ability to log even just the names of the files being transferred, and possibly their sizes, has been a requested feature since early 2000 (over six years!!) and I've yet to see any of the developers on this list respond directly. I've found a patch from V?clav Tomec here: http://sweb.cz/v_t_m/ but it includes lots of other stuff (SecureID implementation and a tweak for being able to

I have received many queries as to the status of the SecurID patch for openssh 3.4. I finally found some time in my schedule to port and test. The integrated SecurID patches for OpenSSH version 3.4p1 are now available at the same old place: http://www.omniti.com/~jesus/projects/ The porting effort included moving all auth code to the new privilege separation model. Enjoy. -- Theo

Hi, I'm trying to use dovecot for storing mailing lists and read-only access for users. The OS is Solaris, authentication for all readers of these lists are from Ldap through PAM, and one local user "listuser" will receive all mail and store them into it's folders (Maildirs). These maildirs are readable (read-only) for all others and they are shared by setting --- mail_location:

The PostgreSQL Conference East is in NYC this year and the schedule has just been published. As a note there is a full day RoR class happening at the conference. March 08, 2011: Celebrating 15 years of PostgreSQL, early. Following on the smashing success of PostgreSQL Conference West, The PostgreSQL Conference for Developers, End Users and Decision Makers, is being held at the Hotel

https://bugzilla.mindrot.org/show_bug.cgi?id=2553 Bug ID: 2553 Summary: 7.2p2 on server breaks GSSAPI with older clients Product: Portable OpenSSH Version: 7.2p1 Hardware: amd64 OS: Solaris Status: NEW Severity: normal Priority: P5 Component: Kerberos support Assignee:

Hello Theo, > > > Could you let me know where this test patch would be available. > > > > Try: > > http://www.omniti.com/~jesus/SecurID/ > > > > -- Regarding your patch, did you continue the integration (mainly: Handle PIN creation and changing ...)? Do you foreseen to transport it in new release 2.3.0p1? Kind regards, Joel

I opened a bug report earlier today but it doesn''t seem to have been added to the bugs database. I''m posting here in case one of the Crossbow developers might see it and confirm this behavior. Description Duplicate packets are generated whenever an aggregate is introduced into the network configuration. We''ve ruled out switch ports and physical bge interfaces as

Hello, I used the SecureShell windows client from ssh.com and it have a cool feature: Once I logged on a server with ssh, I was able to create more terminals without being asked for a password again. It seems that it use the 'same channel' created from the first ssh client. So, it's possible with openssh on linux/bsd? If yes, how? If not, can you add this feature? Why I ask taht?

Some reactions on the thread : Integrating SmartCard in PAM is no problem. Problem I'm facing with for example CryptoCard and SecureID tokens is that those manufacturers refuse to give out any form of information about the internal operation of those tokens. That prevents me from implementing event synchronous mode. The best way to handle this with SSH is probably the way for example Apache

The native SecurID support for OpenSSH patch has been updated to release 2.5.2p2 and incorporates fixes to the "validate next token" code. It is available at: http://www.omniti.com/~jesus/projects/ Enjoy.

Hello, I was searching the internet for an challenge-response system to authenticate an Openssh session with an hardware token. Now i found this, its very old, so i want to now how's the situation today. I couldn't find much documentation. Re: SSH with SecureID > Is there any documentation I'm missing on how to integrate the two? > We'd love to go with 2-factor

I have a few patches for AIX. The patchfile is attached below. The patch has been tested on AIX4.2 and AIX4.3. The patch is on openssh-1.2.1pre25, with openssl-0.94, using RSAref. 1) authenticate support - this function allows the system to determine authentification. Whatever the system allows for login, authenticate will too. It doesn't matter whether it is AFS, DFS, SecureID, local.

I noticed that (perhaps because ':' is invalid in a username) you can say ssh -l user:style host, where the "user:style" is sent by the client, and the server strips the ":style" part off and makes it available as part of the authentication context. It's currently unused. What are the plans for this, if any? I was experimenting with the idea of using it with SRP

I'm trying to use dovecot-deliver with sieve plugin, delivering to Maildirs. Everything seems working O.K., but I'm getting the following lines in /var/log/maillog: --- Mar 29 00:06:00 alt64 dovecot: imap-login: Login: user=<seriv>, method=PLAIN, rip=66.80.117.2, lip=192.168.10.8, TLS Mar 29 00:06:00 alt64 dovecot: IMAP(seriv): mmap() failed with index file

Hi All, I havent heard a response back to my previous posts so I am now trying from a "broader" topic. What I have is the following: A 2 Form Factor Token Authentication system similar to RSA SecureID A Linux SAMBA 3.0.14a-Debian I've got the two systems authenticating against each other with RADIUS via PAM support. When I tell SAMBA to use this PAM support as well, I see the