Date: Mon, 18 Mar 2002 14:46:48 -0500 (EST)
From: Garrett Wollman <wollman@lcs.mit.edu>
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/crypto/openssh auth-skey.c
Message-ID: <200203181946.g2IJkmT34221@khavrinen.lcs.mit.edu>
In-Reply-To: <xzp7koanni2.fsf@flood.ping.uio.no>
References: <xzplmcqnoea.fsf@flood.ping.uio.no> <200203181059.g2IAxfH5001916@grimreaper.grondar.org> <xzp7koanni2.fsf@flood.ping.uio.no>

<<On 18 Mar 2002 12:06:45 +0100, Dag-Erling Smorgrav <des@ofug.org> said:

> was still true of OpenSSH 2.9 but is no longer true of OpenSSH 3.1,
> which has an elaborate mechanism for defining new authentication
> methods (gee, you'd think they'd heard of PAM...)

Category error.  PAM's authentication model is designed for
interacting with humans.  The secure shell protocol's authentication
protocol is designed for interacting with other programs, which may or
may not be acting on behalf of humans.  (See also GSS-API, SASL, EAP,
etc.)  Users are unlikely to be performing public-key authentication
at a login prompt.

The protocol provides the `keyboard-interactive' authentication method
for the use of PAM-like interfaces, which certainly looks like the
Right Thing to me.  I can't speak for whether the PAM code in
auth2-pam.c is actually sensible or not.

-GAWollman
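
The following is an added example, not part of the original message and not OpenSSH code: it shows how a PAM-style conversation (prompts with an echo flag, plus informational text) can be carried in the `keyboard-interactive` messages as later standardized in RFC 4256. The function names, the choice to put informational text in the instruction field, and the sample conversation are assumptions made for illustration.

```python
import struct

SSH_MSG_USERAUTH_INFO_REQUEST = 60   # message numbers from RFC 4256
SSH_MSG_USERAUTH_INFO_RESPONSE = 61
# Linux-PAM message styles
PAM_PROMPT_ECHO_OFF, PAM_PROMPT_ECHO_ON, PAM_ERROR_MSG, PAM_TEXT_INFO = 1, 2, 3, 4

def ssh_string(s):
    """SSH 'string': uint32 big-endian length followed by the bytes."""
    data = s.encode("utf-8")
    return struct.pack(">I", len(data)) + data

def info_request(pam_messages, name=""):
    """Build one INFO_REQUEST from a batch of (style, text) PAM messages."""
    notes, prompts = [], []
    for style, text in pam_messages:
        if style in (PAM_PROMPT_ECHO_OFF, PAM_PROMPT_ECHO_ON):
            prompts.append((text, style == PAM_PROMPT_ECHO_ON))
        else:  # info/error text expects no answer: carry it as the instruction
            notes.append(text)
    out = bytes([SSH_MSG_USERAUTH_INFO_REQUEST])
    out += ssh_string(name) + ssh_string("\n".join(notes)) + ssh_string("")  # empty language tag
    out += struct.pack(">I", len(prompts))
    for text, echo in prompts:
        out += ssh_string(text) + bytes([1 if echo else 0])
    return out

def parse_info_response(packet, expected):
    """Return the answers; reject malformed packets or a wrong answer count."""
    if len(packet) < 5 or packet[0] != SSH_MSG_USERAUTH_INFO_RESPONSE:
        raise ValueError("not an INFO_RESPONSE")
    (count,) = struct.unpack_from(">I", packet, 1)
    if count != expected:
        raise ValueError("response count does not match prompts sent")
    pos, answers = 5, []
    for _ in range(count):
        if pos + 4 > len(packet):
            raise ValueError("truncated length field")
        (n,) = struct.unpack_from(">I", packet, pos)
        pos += 4
        if pos + n > len(packet):
            raise ValueError("truncated response")
        answers.append(packet[pos:pos + n].decode("utf-8"))
        pos += n
    if pos != len(packet):
        raise ValueError("trailing bytes after last response")
    return answers

# Constructed sample: a one-time-password style conversation (values are made up)
SAMPLE = [(PAM_TEXT_INFO, "otp-md5 98 exam1234"), (PAM_PROMPT_ECHO_OFF, "Response: ")]
```

Public-key authentication has no counterpart to the prompt list built here, which is the distinction the message draws between program-facing methods and human-facing ones.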