Date: Sat, 8 Jul 2000 14:52:37 -0400 From: Webbie <webbie@everyday.cx> To: Jim Durham <durham@w2xo.pgh.pa.us> Cc: freebsd-security@freebsd.org Subject: Re: openssh and PAM Message-ID: <14651280467.20000708145237@everyday.cx> In-Reply-To: <39675126.D3CDCEAE@w2xo.pgh.pa.us> References: <39675126.D3CDCEAE@w2xo.pgh.pa.us>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello Jim,
I have the same experience as you do.
PAM is only a method to specify how you want to verify the password.
What you/me have done was to tell sshd not to bother with pam auth and
just use the default freebsd password auth method, either MD5 or DES.
So, I don't see a security problem here.
Saturday, July 08, 2000, 12:04:54 PM, you wrote:
JD> Since this applies to a system in another galaxy far far away, I'll
JD> ask this here!
JD> I was building openssh-2.1.1p2 with openssl-0.95a on a 3.3-RELEASE
JD> box. (Yes, I know it's upgrade time, but it's a production system
JD> and I'm replacing it soon).
JD> The sshd daemon would not authenticate using the PAM stuff. I *did*
JD> install the stuff from the contrib directory in the openssh sources
JD> in /etc/pam.conf.
JD> It was suggested by a posting elsewhere that it would work by configging
JD> it with --without-pam. You then get a link error, which you can fix
JD> with -lcrypt in the Makefile.
JD> What sort of security compromise have I caused here?
JD> Thanks...
--
Webbie
\\|//
(o o)
+-------------------------oOOo-(_)-oOOo-----------------------------+
EMail : mailto:webbie(at)everyday(dot)cx
PGP Key : http://www.everyday.cx/pgpkey.txt
PGP Fingerprint: 0B9F E081 35CD B9AF 58EA 7E43 38EC C84F 4AB4 792C
+-------------------------------------------------------------------+
Dodge: Dead Or Dying Garbage Emitter
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14651280467.20000708145237>