Re: kerberos support in ssh/lsh

Brian May <bmay@csse.monash.edu.au> writes:

> So, please don't break a good authentication system by implementing a
> hacked version of the protocol.

Well, some people (including people who ought to understand the
drawbacks) want this. I think it makes sense in some circumstances.

> (If you really wanted to, I think you could do this via PAM anyway).

I couldn't do that. The interface of PAM is brain-damaged, and it is
unusable for network authentication. (For an lsh-centric explanation
why, see <URL: http://www.lysator.liu.se/~nisse/lsh/doc/NOTES>). I
haven't looked at SASL.