Use OPIE without PAM

Alexander Kriegisch Alexander at
Tue Jul 31 21:16:52 WST 2007

Thanks for your comments, Matt. I think you are right, opielogin might
not be a good idea. I do not know about any docs concerning libopie,
though. I just found a this article describing how to use OPIE with sshd
and PAM: It contains
links to the tools mentioned there. Does that help in any way?

Alexander Kriegisch

> The problem I see with opielogin is that it doesn't let
> Dropbear know whether auth has succeeded or not. The only
> real way of using opielogin is to make SSH's own
> authentication allow any valid user to log in with any (or
> no) password, then run opielogin for a shell. TCP/agent/X11
> forwarding wouldn't be possible either. I'm kind of wary of
> this solution since it doesn't seem that secure.
> It might be better to use libopie to handle authentication,
> then run a shell as normal. I couldn't find any docs on
> libopie though - is it still maintained?
> It's a shame there isn't a nice lightweight network auth
> solution for Unixes - PAM is kind of crufty and ill-suited.

More information about the Dropbear mailing list