diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2007-08-17 22:03:09 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2007-08-17 22:03:09 +1000 |
| commit | 1a32953e487ceb311e38b603f270d7ddbd241a04 (patch) | |
| tree | 6974c23d16c59d0e17ec71578addc48c0b9e4598 | |
| parent | 637cc404c655ba935a28b03c813a949d45fa2d35 (diff) | |
- (dtucker) [INSTALL] Group the parts describing random options and PAM
implementations together which is hopefully more coherent.
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | INSTALL | 49 |
2 files changed, 28 insertions, 25 deletions
@@ -2,6 +2,8 @@ - (dtucker) [sshd.8] Many Linux variants use a single "!" to denote locked accounts and that's what the code looks for, so make man page and code agree. Pointed out by Roumen Petrov. + - (dtucker) [INSTALL] Group the parts describing random options and PAM + implementations together which is hopefully more coherent. 20070816 - (dtucker) [session.c] Call PAM cleanup functions for unauthenticated @@ -3178,4 +3180,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4732 2007/08/16 23:42:32 dtucker Exp $ +$Id: ChangeLog,v 1.4733 2007/08/17 12:03:09 dtucker Exp $ @@ -14,31 +14,11 @@ Blowfish) do not work correctly.) The remaining items are optional. -OpenSSH can utilise Pluggable Authentication Modules (PAM) if your -system supports it. PAM is standard most Linux distributions, Solaris, -HP-UX 11 and AIX >= 5.2. - NB. If you operating system supports /dev/random, you should configure OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of -/dev/random. If you don't you will have to rely on ssh-rand-helper, which -is inferior to a good kernel-based solution. - -Linux PAM: -http://www.kernel.org/pub/linux/libs/pam/ - -OpenPAM: -http://www.openpam.org/ - -If you wish to build the GNOME passphrase requester, you will need the GNOME -libraries and headers. - -GNOME: -http://www.gnome.org/ - -Alternatively, Jim Knoble <jmknoble@pobox.com> has written an excellent X11 -passphrase requester. This is maintained separately at: - -http://www.jmknoble.net/software/x11-ssh-askpass/ +/dev/random, or failing that, either prngd or egd. If you don't have +any of these you will have to rely on ssh-rand-helper, which is inferior +to a good kernel-based solution or prngd. PRNGD: @@ -54,6 +34,27 @@ lacks /dev/random and don't want to use OpenSSH's internal entropy collection. http://www.lothar.com/tech/crypto/ +OpenSSH can utilise Pluggable Authentication Modules (PAM) if your +system supports it. PAM is standard most Linux distributions, Solaris, +HP-UX 11, AIX >= 5.2, FreeBSD and NetBSD. + +Information about the various PAM implementations are available: + +Solaris PAM: http://www.sun.com/software/solaris/pam/ +Linux PAM: http://www.kernel.org/pub/linux/libs/pam/ +OpenPAM: http://www.openpam.org/ + +If you wish to build the GNOME passphrase requester, you will need the GNOME +libraries and headers. + +GNOME: +http://www.gnome.org/ + +Alternatively, Jim Knoble <jmknoble@pobox.com> has written an excellent X11 +passphrase requester. This is maintained separately at: + +http://www.jmknoble.net/software/x11-ssh-askpass/ + S/Key Libraries: If you wish to use --with-skey then you will need the library below @@ -254,4 +255,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.80 2007/08/17 11:40:22 dtucker Exp $ +$Id: INSTALL,v 1.81 2007/08/17 12:03:10 dtucker Exp $ |