The attached patch solves the problem of having to enter two passwords
when SecurID is enabled via /etc/securid.users. With this version,
only the SecurID passphrase is required when the user is configured
to use SecurID. In particular, this allows scp to work transparently
with SecurID, because the login shell (i.e. /bin/ksh instead of
/usr/ace/sdshell) does not require a second (in-band) password.
This patch for SSH 1.2.27 replaces the /etc/securid.users file with
a keyword in sshd_config: Instead of searching for the user in an
auxiliary file, we check if the user's shell is a "SecurID Shell",
i.e. one in a list of maximum 8 (or _all_ shells if * is specified).
I.e. the name of the user's shell controls if SecurID or classic
authentication is required.
Adrian Steinmann
_______________________________________________________________________
Dr. Adrian Steinmann Steinmann Consulting Apollostrasse 21 8032 Zurich
Tel +41 1 380 30 83 Fax +41 1 380 30 85 Mailto:[EMAIL PROTECTED]
SecurID4ssh1.2.27.patch
SecurID4ssh1.2.27.patch;x-unix-mode=0644- Submission: Transparent support for SecurID in SSH1.2.27 ... Adrian Steinmann
- Submission: Transparent support for SecurID in SSH1.... Adrian Steinmann
