Date: Wed, 24 May 2000 15:19:54 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: "Jeroen C. van Gelderen" <jeroen@vangelderen.org> Cc: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, "Andrey A. Chernov" <ache@FreeBSD.ORG>, Peter Wemm <peter@netplex.com.au>, Sheldon Hearn <sheldonh@uunet.co.za>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/crypto/openssh sshd_config Message-ID: <Pine.BSF.4.21.0005241518170.24095-100000@freefall.freebsd.org> In-Reply-To: <392C3E40.E0D8974D@vangelderen.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 24 May 2000, Jeroen C. van Gelderen wrote:
> Not really, sshd just happens to do authentication. The real job
> for sshd is to provide host authentication and a secure network
> connection over which user authentication can take place.
>
> Since user authentication is needed by more than one program it
> should live in it's own process. Right now there is code
> duplication and it is impossible to change the authentication
> policy without messing with sshd.
This is precisely the point of PAM. Someone needs to PAMerize OpenSSH so
we don't have duplicated kerberos/opie/password authentication code in
there, although it might be annoying to maintain unless we can get the
patches back-integrated. OTOH, hopefully OpenSSH is more stable against
major code restructurings now that SSH2 support is in.
Kris
----
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0005241518170.24095-100000>