[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

forcing users to s/key only

To: misc@openbsd.org
Subject: forcing users to s/key only
From: Colin Corbett <openbsd-misc@congiman.com>
Date: Thu, 2 Mar 2000 13:17:40 -0800 (PST)

Hello,
First time post, so hopefully I'm following all the rules.

Looking for: (requirements)

A way to make users only use skey into a 2.6 box from windows machines.
If they had to enter a password, and then still pass a s/key challenge
that would be acceptable too.

Thought Process and problems encountered.

1:  Let users log in via passwd and then throw them through keysh.   
-- Keysh is not ported to Openbsd yet.  (Not in the ports, or in the 
general dist).  I took a quick look at how much has changed versus 
the crimelab keyinit.c and the 2.6 keyinit.c and decided that doing 
anything with porting the crimelab keysh.c is beyond my present ability.

2:  Let ssh use the UseLogin flag and have login do the s/key 
authentication. -- Again users have to be willing to type "s/key" 
as their password.  There is no way to force them or to force login 
to do s/key.

3:  Force ssh to s/key only.  -- There is no option for this.  Users 
have to type "s/key" as their password.  This breaks a few windows 
ssh clients, (as well as only works on unix if you type ssh -v). 
 Thank you FAQ.  How possible would it be to get a "s/key" only option?
Well not really, as mentioned in the posts in 11/99 


s/key skey keysh (words for the search)

Thanks in advance
-- Colin

Follow-Ups:
- Re: forcing users to s/key only
  - From: Markus Friedl <markus.friedl@informatik.uni-erlangen.de>

Prev by Date: ip aliasing
Next by Date: Re: Multiple DHCPed IPs on the same device
Prev by thread: Re: ip aliasing
Next by thread: Re: forcing users to s/key only
Index(es):
- Date
- Thread