I have ported my patch to better support SecurID cards over ssh-1.2.27. It
was originally done for ssh-1.2.26 and enables New PIN mode and Next Token
mode.
Also, I have corrected a minor error (debug() -> log_msg()) and moved some
sprintf() calls to snprintf().
See: ftp://ftp.parc.xerox.com/pub/jean/sshsdi
------------------- From the readme file -----
New SecurID support for ssh
=====================
I have extended ssh to support the SecurID card as an authentication mechanism.
It has been tested for ssh-1.2.27 (Solaris / SunOS / BSDI (client) / Linux
Red Hat 6.0 (client)).
Why:
===
The existing support for SecurID was great (thanks to Donald McKillican
<[EMAIL PROTECTED]>!) but ... :-)
- I wanted to be able to set up an ssh server forcing the authentication to be
  SecurID, and SecurID only.
- I didn't want to have to manage 2 files (passwd + securid.user)
- I wanted to offer the support of the Next-Token and New-Pin-Requested so
  that the users will stop calling the helpdesk! :-)
How to use it:
==============
Apply the Patch file to your current ssh source. See location of the Patch @
the end.

    cd ssh-1.2.27
    patch -p1 < PatchSDI

Configuration option:
=====================
Two new options will be available for the configure command:
--with-sdiauth[=PATH] : will enable the new support for both Client and
                        Server.
                        The PATH must point to the ace directory
                        (Include + lib)
--with-sdiclauth      : will enable the new support for the client only.
                        No PATH needed.
Server Option:
==============
SDIAuthentication yes/no : will enable or disable SDI Authentication
SDICompatforcemode yes/no: will force the server, if SDIAuthentication is set
                           to yes, and if the client has not tried
                           SDIAuthentication, to accept a
                           PasswordAuthentication (even if it is set to no)
                           but challenge the ace server with the password
                           as the passcode.
=> *** Enables compatibility for a server set up with SDIAuthentication
*ONLY* with clients where SDIAuthentication is not defined (existing
clients) or set to no. Of course in this case the *new* modes are not
supported (new-pin / next token) as we use the PasswordAuth protocol.
If SDICompatforcemode is not set and SDIAuthentication is the only
authentication defined on the server, clients not supporting
SDIAuthentication are not able to log in.
It's an easy way to set up a server supporting SDIAuth as its only
authentication, offering support of the new modes for the clients supporting
them, but still compatible with the existing binaries.
Where:
======
ftp://ftp.parc.xerox.com/pub/jean/sshsdi/PatchSDI.tar.Z
The Original PatchSDI for ssh-1.2.26 was moved under:
ftp://ftp.parc.xerox.com/pub/jean/sshsdi/Old-ssh-1.2.26/
Files modified:
===============
*** ssh-1.2.27-SDI/auth-passwd.c Wed May 12 04:19:23 1999
*** ssh-1.2.27-SDI/config.h.in Wed May 12 04:20:04 1999
*** ssh-1.2.27-SDI/configure Wed May 12 04:20:06 1999
*** ssh-1.2.27-SDI/configure.in Wed May 12 04:20:02 1999
*** ssh-1.2.27-SDI/readconf.c Wed May 12 04:19:27 1999
*** ssh-1.2.27-SDI/readconf.h Wed May 12 04:19:27 1999
*** ssh-1.2.27-SDI/servconf.c Wed May 12 04:19:28 1999
*** ssh-1.2.27-SDI/servconf.h Wed May 12 04:19:28 1999
*** ssh-1.2.27-SDI/ssh.1.in Wed May 12 04:19:30 1999
*** ssh-1.2.27-SDI/ssh.h Wed May 12 04:19:28 1999
*** ssh-1.2.27-SDI/sshconnect.c Wed May 12 04:19:29 1999
*** ssh-1.2.27-SDI/sshd.8.in Wed May 12 04:19:31 1999
*** ssh-1.2.27-SDI/sshd.c Wed May 12 04:19:29 1999
Jean Chouanard <[EMAIL PROTECTED]>
- jean -
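
The server options described in the readme above, modelled as an added example (not code from the SDI patch or from ssh): it parses a constructed sshd_config fragment and reports which login path a new client and a legacy client end up on. The function names, the result labels, and the rule that a missing option counts as "no" are assumptions of this example.

```python
# Added example: a model of the option semantics described in the readme.
# It is not part of the SDI patch; names and labels here are hypothetical.

# Constructed sample: SDI-only server that still admits legacy clients.
SAMPLE_SSHD_CONFIG = """\
# authentication section (constructed for this example)
PasswordAuthentication no
SDIAuthentication yes
SDICompatforcemode yes
"""

def parse_options(text):
    """Parse 'Keyword value' lines into {lowercased keyword: bool}."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split(None, 1)
        if len(fields) == 2:
            opts[fields[0].lower()] = fields[1].strip().lower() == "yes"
    return opts

def login_path(opts, client_supports_sdi):
    """Return the path one client takes, following the readme's wording.

    Assumption: an option that is missing from the file counts as 'no'.
    Other ssh authentication methods (RSA, rhosts) are not modelled.
    """
    sdi = opts.get("sdiauthentication", False)
    compat = opts.get("sdicompatforcemode", False)
    password = opts.get("passwordauthentication", False)
    if sdi and client_supports_sdi:
        return "sdi"                      # New PIN / Next Token available
    if sdi and compat:
        # Password protocol is accepted even with PasswordAuthentication no;
        # the typed password is sent to the ACE server as the passcode.
        return "passcode-over-password"   # no New PIN / Next Token
    if password:
        return "password"
    return "rejected"

def audit(text):
    """Map each client type to its login path for one configuration."""
    opts = parse_options(text)
    return {"new client": login_path(opts, True),
            "legacy client": login_path(opts, False)}

if __name__ == "__main__":
    for client, path in audit(SAMPLE_SSHD_CONFIG).items():
        print(f"{client}: {path}")
```

Reviewing a configuration this way makes the one surprising case visible: with SDICompatforcemode on, "PasswordAuthentication no" does not stop the server from accepting the password protocol.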