From owner-freebsd-questions Fri Nov 10 14:53:39 2000 Delivered-To: freebsd-questions@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 1FA9637B4C5; Fri, 10 Nov 2000 14:53:35 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eAAMsf379577; Fri, 10 Nov 2000 14:54:41 -0800 (PST) (envelope-from kris) Date: Fri, 10 Nov 2000 14:54:41 -0800 From: Kris Kennaway To: Garance A Drosihn Cc: "David E. Cross" , Kris Kennaway , bsd@righi.df.unibo.it, freebsd-questions@FreeBSD.ORG Subject: Re: SSH and PAM Message-ID: <20001110145441.B79523@citusc17.usc.edu> References: <200011062124.QAA65958@cs.rpi.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="CUfgB8w4ZwR/yMy5" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from drosih@rpi.edu on Fri, Nov 10, 2000 at 12:49:30PM -0500 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --CUfgB8w4ZwR/yMy5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Nov 10, 2000 at 12:49:30PM -0500, Garance A Drosihn wrote: > At 4:24 PM -0500 11/6/00, David E. Cross wrote: > >I have seen this bantered about a bit on the mailing lists, but I > >have not seen an answer. > > > >I am looking to ssh into a machine, issue a krb5 password, and be > >authenticated. PAM allows for this (I even have the pam_krb5.so), > >however sshd on FreeBSD apparently does not support PAM. Why? > >Is there an easy way to fix this other than download the OpenSSH > >stuff and do a seperate compile? Doesn't it seem a bit broken > >to have one of the premiere authentication programs _not_ using > >PAM? >=20 > Maybe Kris could comment on what the issues are wrt openssh vs > freebsd's PAM... We use the OpenBSD version of OpenSSH, and it doesn't include PAM code. I understand the "portable version" does, but I haven't tried to extract patches. It may make more sense to give up on the OpenBSD version and switch to the portable one - e.g. it would probably be easier to get FreeBSD changes backported. Currently it's almost impossible to get OpenBSD to accept code changes from us :-( Kris --CUfgB8w4ZwR/yMy5 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoMfLAACgkQWry0BWjoQKV1IACg1tTR8LP1VFWz16r5g/s7aOmf A+8An3roCxfA+7Glo8Gn243OEqEwCacr =j1c0 -----END PGP SIGNATURE----- --CUfgB8w4ZwR/yMy5-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message