[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: kerberos support in ssh/lsh
Brian May <email@example.com> writes:
> So, please don't break a good authentication system by implementing a
> hacked version of the protocol.
Well, some people (including people who ought to understand the
drawbacks) wants this. I think it makes sense in some circumstances.
> (If you really wanted to, I think you could do this via PAM anyway).
I couldn't do that. The interface of PAM is brain-damaged, and it is
unusable for network authentication. (For an lsh-centric explanation
why, see <URL: http://www.lysator.liu.se/~nisse/lsh/doc/NOTES>). I
haven't looked at SASL.