[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kerberos support in ssh/lsh

To: Brian May <bmay@csse.monash.edu.au>
Subject: Re: kerberos support in ssh/lsh
From: nisse@lysator.liu.se (Niels Möller)
Date: 05 Oct 2000 10:56:15 +0200
Cc: eichin@thok.org (Mark W. Eichin), heimdal-discuss@sics.se, bg@sics.se
In-Reply-To: Brian May's message of "05 Oct 2000 13:04:38 +1100"
References: <nn8zs4vio4.fsf@sture.lysator.liu.se> <xe1itr8jzj0.fsf@climb-a-tree.thok.org> <x3r8zs482mh.fsf@lyell.csse.monash.edu.au>
Sender: owner-heimdal-discuss@sics.se

Brian May <bmay@csse.monash.edu.au> writes:

> So, please don't break a good authentication system by implementing a
> hacked version of the protocol.

Well, some people (including people who ought to understand the
drawbacks) wants this. I think it makes sense in some circumstances.

> (If you really wanted to, I think you could do this via PAM anyway).

I couldn't do that. The interface of PAM is brain-damaged, and it is
unusable for network authentication. (For an lsh-centric explanation
why, see <URL: http://www.lysator.liu.se/~nisse/lsh/doc/NOTES>). I
haven't looked at SASL.

/Niels

Follow-Ups:
- Re: kerberos support in ssh/lsh
  - From: Brian May <bmay@csse.monash.edu.au>
- Re: kerberos support in ssh/lsh
  - From: GOMBAS Gabor <gombasg@inf.elte.hu>

References:
- kerberos support in ssh/lsh
  - From: nisse@lysator.liu.se (Niels Möller)
- Re: kerberos support in ssh/lsh
  - From: eichin@thok.org (Mark W. Eichin)
- Re: kerberos support in ssh/lsh
  - From: Brian May <bmay@csse.monash.edu.au>

Prev by Date: Re: kerberos support in ssh/lsh
Next by Date: Re: kerberos support in ssh/lsh
Prev by thread: Re: kerberos support in ssh/lsh
Next by thread: Re: kerberos support in ssh/lsh
Index(es):
- Date
- Thread