Re: Generic challenge-repsonse aunetication in ssh2

[Chris Newman]

On Thu, 4 Feb 1999, Martin Forssen wrote:
> Attached below follows a proposal for a new authentication method for
> SSH2. This new method implements general challenge-response
> authentication.

If you do a challenge response mechanism, make it compatible with HTTP
Digest and the DIGEST mechanism:

  <http://www.ietf.org/internet-drafts/draft-leach-digest-sasl-01.txt>

As was noted by others, ill-conceived security APIs like PAM actually make
network security harder so convergence on a single challenge-response
mechanism is important for multi-protocol code reuse and interoperability.

                - Chris