From owner-cvs-all  Mon Mar 18  3: 6:58 2002
Delivered-To: cvs-all@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP
	id 21CD737B400; Mon, 18 Mar 2002 03:06:48 -0800 (PST)
Received: by flood.ping.uio.no (Postfix, from userid 2602)
	id 851A85346; Mon, 18 Mar 2002 12:06:46 +0100 (CET)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily
  coincide with those of any organisation or company with
  which I am or have been affiliated.
To: Mark Murray <mark@grondar.za>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/crypto/openssh auth-skey.c
References: <xzplmcqnoea.fsf@flood.ping.uio.no>
	<200203181059.g2IAxfH5001916@grimreaper.grondar.org>
From: Dag-Erling Smorgrav <des@ofug.org>
Date: 18 Mar 2002 12:06:45 +0100
In-Reply-To: <200203181059.g2IAxfH5001916@grimreaper.grondar.org>
Message-ID: <xzp7koanni2.fsf@flood.ping.uio.no>
Lines: 20
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.1
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

Mark Murray <mark@grondar.za> writes:
> > I don't think we've ever used PAM for S/Key authentication, have we?
> No - but we use PAM for OPIE, and this file is used for OPIE (as you
> saty above).

What I mean is that our version of OpenSSH has never used PAM for what
it calls S/Key, which in our tree is actually OPIE.

ISTR Eivind ran into some trouble related to this when he first
PAMified OpenSSH, regarding assumptions that challenge / response
based authentication had to be S/Key.  As far as I can determine, this
was still true of OpenSSH 2.9 but is no longer true of OpenSSH 3.1,
which has an elaborate mechanism for defining new authentication
methods (gee, you'd think they'd heard of PAM...)  I'm going to see if
I can make PAM fit into this mechanism instead of hacking it into
auth[12].c and session.c like we do now.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message