From: Paul Boven (p.boven@chello.nl)
Date: Tue Feb 03 2004 - 08:45:00 EST
Hi everyone,
I realise this is a much talked-about subject already, but I wonder if
anyone has gotten better results for this combination than I have.
Status so far:
System is Solaris 9, Sun Compiler Collection 7.
I've gotten hold of opie-2.4 from http://www.inner.net/pub/opie and got
it to compile and pass it's internal tests.
Then I used the pam_opie.c from the same site and built pam_opie.so,
which works fine when I use it with telnet.
My pam.conf:
telnet auth requisite pam_authtok_get.so.1
telnet auth sufficient pam_opie.so.1
telnet auth required pam_unix_auth.so.1
I can now either authenticate using my password, -or- my opie-key, both
work.
The next step is building the latest openssh-release:
./configure --with-pam --without-privsep --sysconfdir=/etc/ssh
(I've also tried this with privsep to no avail).
When I set UsePAM=yes in the sshd-config, it will ask for the password
more often (so it is indeed passing authentication to PAM) but the
client will not display the challenge. The interesting thing is that
when I run 'sshd -d', the *daemon* will print the OPIE challenge, and I
can then enter it into the STDIN of the daemon, after which the client
succesfully logs in. Although it is of course quite useless to log in
this way, it does indicate to me that I'm -almost- there (I hope).
So, has anyone gotten better results with intergrating OPIE with a
current OpenSSH?
Regards, Paul Boven.
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:27:57 EDT