OpenSSH Linux portable patch proposal

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Dear OpenSSH Developers,

I would like to propose a patch to OpenSSH for Linux. In the recent few
months, I have encountered a scenario where a PAM module used for
authentication in SSH should be informed about the previous successful
authentication methods. I described the complete scenario here:
http://serverfault.com/questions/690038/openssh-two-factor-authentication-combined-with-kerberos-public-key
In this use case, I want to introduce a 2nd factor for authentication while
accepting public key or GSSAPI authentication as first factor. If and only
if none of those methods were successful, a password authentication should
be performed before the second factor.

I also e-mailed this to this mailing list on 4 May. On the basis of a reply
from Damien Miller, there is currently no way to fully accomplish this
scenario with OpenSSH server. So I have made a PoC implementation that I
think does the trick:

https://github.com/dgyuri92/openssh-portable/commit/4a006cad8e3f8b9277ce41747d11261175c161e2

Would you be so kind as to take a look at it? Do you think it could be
beneficial for other users too? I think it would be a nice feature to have,
especially in use cases like mine and it is quite a small patch. Is there a
chance that this patch - or a functionally equivalent one - can be
integrated into future releases?

Thank you very much!

Cheers,
György Demarcsek
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev





[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux