Subject: Re: PAM and OpenSSH
To: Emmanuel Dreyfus <manu@NetBSD.org>
From: Love <lha@stacken.kth.se>
List: tech-userlevel
Date: 01/26/2005 10:30:27
--=-=-=
manu@NetBSD.org (Emmanuel Dreyfus) writes:
> Love <lha@stacken.kth.se> wrote:
>
>> There will remain krb5 bits in sshd for legacy Kerberos protocol support,
>> those part that doesn't deal with password but rather the kerberos protocol
>> itself.
>
> PAM doesn't only deal with passwords, that's why I ask. It also has
> hooks for opening and closing sessions. After adding support for PAM in
> su and login, no kerberos code remain at all. How is it different with
> sshd? Or did I removed things that needed to stay in su and login?
su and login only deal with passwords as _input_.
sshd can use kerberos protocol as input (directly or via gssapi).
PAM solve the problem where you get password as input, and sideeffects
after that.
Love
--=-=-=
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (NetBSD)
iQIVAwUAQfdjNRZyDLTSep3UAQI2Eg//W0+lZ1UqHD7nw0ZrYW34qg34Oi2U0gEn
tpv3OGJdnVUfOww6O6tEiYztVqimR+1RF7DVDKn+D4935OjyYfR8eLVCX+qqDrsZ
Zne9iq2h89nq1RnnbVpAl9ywrcb7pXaElH+UoUlSZlUcC4f9UzPz3NfVBHPAW4BF
rS2NWF8mSe12PD+gkBgAKKyIVtmdmcEmWIU82gZ7gPAjf8SDvn7aE0WbZ0lSfNye
ozJEPDm3tExARtHh2j8FjtywDN7sWBLXvsojoMEPYepnB8eOgRQWD+tht0jhc/+R
V56BY6ZvETPL1KKlmDkpVUmr0+xDRoaQHFQiLNfg/kaItEebsBK1xxXEc60RkcIF
uwTEQVlZSqPq0KyBf1g/IGHlYs2QYcROUTe/qXzsSj4iJv+6fbbBNP5WMUXaXpsz
R/8a8Fae4oVQPlbo1ghfvjrpSd5wO6uqJecBy90NJ7BTweZeaCPXG4gSeMJD4ofl
rnOzLd/bDcyb/tPsUVw3ALanlS1Ul7RvaP5r1CDBpLKSAGuVJzC4q5BfVvk6ZtCe
TzFqLwZd6RPkg9J61qnbC70hhB0n5SzPSDkHeW2P28iZHXC/QVTpcMhjOqo5t0jv
CMf/c3lV6ZY6ydW2RGUHCZT1XVYivY5uOThY1rTgB5mcsG8ah3S7uy35dEK8RtjJ
VWYT9flSnno=
=IGyU
-----END PGP SIGNATURE-----
--=-=-=--