http://marc.theaimsgroup.com/?l=secure-shell&m=94693990211130&w=2

List:     secure-shell
Subject:  Submission: Transparent support for SecurID in SSH1.2.27 (scp)
From:     Adrian Steinmann <ast@marabu.ch>
Date:     2000-01-03 21:09:02

--NeXT-Mail-1409056526-1
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

The patch at 

http://www.webgroup.ch/ast/SecurID4ssh1.2.27.patch

solves the problem of having to enter two passwords
when SecurID is enabled via  /etc/securid.users. With this version,
only the SecurID passphrase is required when the user is configured
to use SecurID. In particular, this allows scp to work transparently
with SecurID, because the login shell (i.e. /bin/ksh instead of
/usr/ace/sdshell) does not require a second (in-band) password.

This patch for SSH 1.2.27 replaces the /etc/securid.users file with
a keyword in sshd_config: Instead of searching for the user in an
auxiliary file, we check if the user's shell is a "SecurID Shell",
i.e. one in a list of maximum 8 (or _all_ shells if * is specified).
I.e.  the name of the user's shell controls if SecurID or classic
authentication is required.

Adrian Steinmann
_______________________________________________________________________
Dr. Adrian Steinmann  Steinmann Consulting  Apollostrasse 21  8032 Zurich
   Tel +41 1 380 30 83     Fax +41 1 380 30 85    Mailto:ast@marabu.ch

--NeXT-Mail-1409056526-1
Content-Type: text/enriched; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

The patch at 


http://www.webgroup.ch/ast/SecurID4ssh1.2.27.patch


solves the problem of having to enter two passwords

when SecurID is enabled via  /etc/securid.users. With this version,

only the SecurID passphrase is required when the user is configured

to use SecurID. In particular, this allows scp to work transparently

with SecurID, because the login shell (i.e. /bin/ksh instead of

/usr/ace/sdshell) does not require a second (in-band) password.


This patch for SSH 1.2.27 replaces the /etc/securid.users file with

a keyword in sshd_config: Instead of searching for the user in an

auxiliary file, we check if the user's shell is a "SecurID Shell",

i.e. one in a list of maximum 8 (or _all_ shells if * is specified).

I.e.  the name of the user's shell controls if SecurID or classic

authentication is required.


<bold>Adrian Steinmann

</bold>_______________________________________________________________________

Dr. Adrian Steinmann  Steinmann Consulting  Apollostrasse 21  8032 Zurich

   Tel +41 1 380 30 83     Fax +41 1 380 30 85    Mailto:ast@marabu.ch


--NeXT-Mail-1409056526-1--