[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kerberos support in ssh/lsh

>>>>> "GOMBAS" == GOMBAS Gabor <gombasg@inf.elte.hu> writes:

    GOMBAS> Let me argue that. The interface of PAM is not
    GOMBAS> brain-damaged at all. It is designed to provide
    GOMBAS> _interactive_ _password-based_ authentication
    GOMBAS> services. It's quite true however that the SSH protocol
    GOMBAS> does not support interactive authentication at all (at
    GOMBAS> least the 1.x versions do not; I haven't looked at the 2.0
    GOMBAS> protocol closely yet). By saying that I mean that the SSH
    GOMBAS> protocol cannot be dynamically extended with message types
    GOMBAS> the client does not know about before - and that's what
    GOMBAS> PAM does...

How does openssh deal with this problem?
Brian May <bmay@csse.monash.edu.au>