Replacing User Authentication Method (with version)

• Previous message: Alpt: "Re: OpenSSH -- a way to block recurrent login failures?"
• Next in thread: Greg Waltz: "Re: Replacing User Authentication Method (with version)"
• Maybe reply: Greg Waltz: "Re: Replacing User Authentication Method (with version)"
• Reply: Muhammad Naseer Bhatti: "RE: Replacing User Authentication Method (with version)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 21 Sep 2004 11:12:52 -0400
To: secureshell@securityfocus.com

I am working on a system that runs sshd to allow access to a particular
application on the system. There is a shell-type application that
authenticates the user with the main application and provides the UI.
Currently, the client must send a user name when connecting via ssh
(i.e. ssh dummy@host). The user name, dummy, is a user in /etc/passwd
that has no password. The sshd_config allows empty passwords so that the
user goes directly to the shell application, which takes care of the
actual user authentication.

What I would like to do is to eliminate the dummy user and have
authentication take place via the proprietary shell application. For
example, I am already using agetty to do the same on non-network
consoles: "agetty -n -l /usr/bin/myshell -L /dev/console_device bps
term_type"
Similarly, I am also using "in.telnetd -L /usr/bin/myshell" to do the
same for telnet.

What is a good way to replace/bypass ssh's user authentication?
Is PAM the way to do something like that?

I am using Open SSH 3.8.1p1.

Thanks

-- 
Greg Waltz

• Previous message: Alpt: "Re: OpenSSH -- a way to block recurrent login failures?"
• Next in thread: Greg Waltz: "Re: Replacing User Authentication Method (with version)"
• Maybe reply: Greg Waltz: "Re: Replacing User Authentication Method (with version)"
• Reply: Muhammad Naseer Bhatti: "RE: Replacing User Authentication Method (with version)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]