Date: Wed, 24 May 2000 16:40:32 -0400 From: "Jeroen C. van Gelderen" <jeroen@vangelderen.org> To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> Cc: "Andrey A. Chernov" <ache@FreeBSD.ORG>, Peter Wemm <peter@netplex.com.au>, Sheldon Hearn <sheldonh@uunet.co.za>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/crypto/openssh sshd_config Message-ID: <392C3E40.E0D8974D@vangelderen.org> References: <sheldonh@uunet.co.za> <20000524090528.ECF641CE1@overcee.netplex.com.au> <20000524022840.C79861@freebsd.org> <200005241446.KAA60257@khavrinen.lcs.mit.edu> <20000524075921.A53829@freebsd.org> <200005241709.NAA60822@khavrinen.lcs.mit.edu> <20000524105558.A3407@freebsd.org> <200005241853.OAA61188@khavrinen.lcs.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Garrett Wollman wrote: > > <<On Wed, 24 May 2000 10:55:59 -0700, "Andrey A. Chernov" <ache@FreeBSD.ORG> said: > > > -f effectively disable many login auth it have or can have, so no reason for > > UseLogin left. > > It's ssh's job to do authentication. Not really, sshd just happens to do authentication. The real job for sshd is to provide host authentication and a secure network connection over which user authentication can take place. Since user authentication is needed by more than one program it should live in it's own process. Right now there is code duplication and it is impossible to change the authentication policy without messing with sshd. The current situation exists because it's easier to handle the authentication in the sshd binary than to patch the zillion systems out there to DTRT. This was a good decision when sshd was a drop-in package but maybe not now that it is part of the base system. Cheers, Jeroen To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?392C3E40.E0D8974D>