Replying to myself.... I love that.... :-)
I have made some formatting correction on the New PIN mode (thank to Hal
Pomeranz <[EMAIL PROTECTED]> for pointing me the mistake.)
the PatchSDI[.tar] file[s] has been updated.
At 01:23 PM 5/18/99 -0700, someone using Jean Chouanard's login wrote:
>I have ported my patch to better support SecurID card over ssh-1.2.27. It
>was originally done for ssh-1.2.26 and enable New PIN mode and Next Token
>mode.
>
>Also, I have corrected a minor error (debug() -> log_msg()) and some
>sprintf moved to snprintf().
>
>See: ftp://ftp.parc.xerox.com/pub/jean/sshsdi
>
>------------------- From the readme file -----
>
>
> New SecurID support for ssh
> =====================
>
>I have extend ssh to support securID card as an Authentication mechanism.
>It has been tested for ssh-1.2.27 (Solaris // Sunos / bsdi(client) / Linux
>Redhat 6.0 (client))
>
>Why:
>===
>
>The existing support for securID was great, (thank to Donald McKillican
><[EMAIL PROTECTED]>!) but ... :-)
>
>- I wanted to be able to setup an ssh server forcing the Authentication to be
> SecurID, and securID only.
>- I didn't want to have to manage 2 files (passwd + securid.user)
>- I wanted to offer the support of the Next-Token and New-Pin-Requested so
>that
> the users will stop calling the helpdesk! :-)
>
>How to use it:
>==============
>
>Apply the Patch file to your current ssh source. See location of the Patch @
>the end.
>cd ssh-1.2.27
>patch -p1 < PatchSDI
>
>Configuration option:
>=====================
>
>Two new option will be available for the configure command:
>
>--with-sdiauth[=PATH] : will enable the new support for both Client and
>Server.
> The PATH must point to the ace directory (Include + lib)
>
>--with-sdiclauth : will enable the new support for the client only.
> No PATH needed.
>
>Server Option:
>==============
>
>SDIAuthentication yes/no : will enable or disable SDI Authentication
>
>SDICompatforcemode yes/no: will force the server, if SDIAuthentication is set
> to yes, and if the client do not have tried
> SDIAuthentication, to accept a
> PasswordAuthentiction
> (Even if it is set to no) but challenge the ace
> server with the password as the passcode.
>
>=> *** Enable compatibility for a server setup with SDIAuthentication
>*ONLY* with some client where SDIAuthentication is not defined (Existing
>client) or set to no. Of course in this case the *new* modes are not
>supported (new-pin//next token) as we use the PasswordAuth protocol.
>If SDICompatforcemode is not set and SDIAuthentication is the only
>authentication defined on the server, client not supporting
>SDIAuthentication are not able to log in.
>
>It's an easy way to setup a server supporting SDIAuth as its only
>Authentication, offering support of the new mode for the client supporting
>it, but still compatible with the existing binaries.
>
>
>Where:
>======
>
>ftp://ftp.parc.xerox.com/pub/jean/sshsdi/PatchSDI.tar.Z
>
>The Original PatchSDI for ssh-1.2.26 was moved under:
>ftp://ftp.parc.xerox.com/pub/jean/sshsdi/Old-ssh-1.2.26/
>
>
>Files modified:
>===============
>
>*** ssh-1.2.27-SDI/auth-passwd.c Wed May 12 04:19:23 1999
>*** ssh-1.2.27-SDI/config.h.in Wed May 12 04:20:04 1999
>*** ssh-1.2.27-SDI/configure Wed May 12 04:20:06 1999
>*** ssh-1.2.27-SDI/configure.in Wed May 12 04:20:02 1999
>*** ssh-1.2.27-SDI/readconf.c Wed May 12 04:19:27 1999
>*** ssh-1.2.27-SDI/readconf.h Wed May 12 04:19:27 1999
>*** ssh-1.2.27-SDI/servconf.c Wed May 12 04:19:28 1999
>*** ssh-1.2.27-SDI/servconf.h Wed May 12 04:19:28 1999
>*** ssh-1.2.27-SDI/ssh.1.in Wed May 12 04:19:30 1999
>*** ssh-1.2.27-SDI/ssh.h Wed May 12 04:19:28 1999
>*** ssh-1.2.27-SDI/sshconnect.c Wed May 12 04:19:29 1999
>*** ssh-1.2.27-SDI/sshd.8.in Wed May 12 04:19:31 1999
>*** ssh-1.2.27-SDI/sshd.c Wed May 12 04:19:29 1999
>
>
> Jean Chouanard <[EMAIL PROTECTED]>
>
> - jean -
- jean -
