From owner-cvs-all Wed May 24 15:19:58 2000 Delivered-To: cvs-all@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 0D39C37B762; Wed, 24 May 2000 15:19:55 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id PAA24261; Wed, 24 May 2000 15:19:54 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Wed, 24 May 2000 15:19:54 -0700 (PDT) From: Kris Kennaway To: "Jeroen C. van Gelderen" Cc: Garrett Wollman , "Andrey A. Chernov" , Peter Wemm , Sheldon Hearn , cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/crypto/openssh sshd_config In-Reply-To: <392C3E40.E0D8974D@vangelderen.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Wed, 24 May 2000, Jeroen C. van Gelderen wrote: > Not really, sshd just happens to do authentication. The real job > for sshd is to provide host authentication and a secure network > connection over which user authentication can take place. > > Since user authentication is needed by more than one program it > should live in it's own process. Right now there is code > duplication and it is impossible to change the authentication > policy without messing with sshd. This is precisely the point of PAM. Someone needs to PAMerize OpenSSH so we don't have duplicated kerberos/opie/password authentication code in there, although it might be annoying to maintain unless we can get the patches back-integrated. OTOH, hopefully OpenSSH is more stable against major code restructurings now that SSH2 support is in. Kris ---- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message