Mailing-List: | contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm |
List-Subscribe: | <mailto:cygwin-subscribe AT sources DOT redhat DOT com> |
List-Archive: | <http://sources.redhat.com/ml/cygwin/> |
List-Post: | <mailto:cygwin AT sources DOT redhat DOT com> |
List-Help: | <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs> |
Sender: | cygwin-owner AT sources DOT redhat DOT com |
Delivered-To: | mailing list cygwin AT sources DOT redhat DOT com |
Message-ID: | <007901c0baf5$4401dae0$0200a8c0@lifelesswks> |
From: | "Robert Collins" <robert DOT collins AT itdomain DOT com DOT au> |
To: | "Corinna Vinschen" <cygwin AT cygwin DOT com> |
References: | <F224PGmYCESUQoPqajB0001264c AT hotmail DOT com> <20010401192625 DOT D17860 AT cygbert DOT vinschen DOT de> |
Subject: | Re: ssh Authentication--RSA/Password |
Date: | Mon, 2 Apr 2001 07:46:44 +1000 |
MIME-Version: | 1.0 |
X-Priority: | 3 |
X-MSMail-Priority: | Normal |
X-Mailer: | Microsoft Outlook Express 5.50.4133.2400 |
X-MimeOLE: | Produced By Microsoft MimeOLE V5.50.4133.2400 |
X-OriginalArrivalTime: | 01 Apr 2001 21:41:13.0331 (UTC) FILETIME=[79202430:01C0BAF4] |
----- Original Message -----
From: "Corinna Vinschen" <cygwin AT cygwin DOT com>

>
> It's a lot of work.
>
> It had to use an NT low level authentication library called LSA
> (Local Security Authority). It requires writing a special DLL called
> LSA authentication module which has to be installed in the system
> together with a change in the registry. Then sshd would have to be
> split into two parts, the sshd service itself which controls the
> communication and calls the LSA module and the LSA module which would
> have to check the RSA/DSA keys and to allow the log in.
>
> Note that that means that OpenSSH would need a lot of restructuring
> just to be able to allow RSA/DSA on one system (WinNT) while it works
> wonderfully on all other systems (OpenBSD, Linux, Solaris, Win9x, ...).
>
> > Are you considering writing it in the future?
>
> We already considered writing it but since it's a very time consuming
> effort neither I nor anybody else at Red Hat would be able to do it
> without a paying customer. The result would then be OSS again as long
> as the customer doesn't demand getting a proprietary solution (which
> I don't hope).

What about a community sponsored effort - i.e. via one of the "open source
markets". I'm just thinking there are enough folk here who are
interested in this, maybe we could collectively fund it?

> BTW, using that method for logon introduces another problem. Since the
> user never typed her password the created user token has no credentials
> to open network connections. This requires the user to call
> `net use ...' for each network resource and each call requires a
> password!

Could they use ssh to authenticate to other NT machines with the ssh LSA
extension installed?

Rob
Copyright © 2019 by DJ Delorie | Updated Jul 2019 |