Use OPIE without PAM
Alexander at Kriegisch.name
Tue Jul 31 21:16:52 WST 2007
Thanks for your comments, Matt. I think you are right, opielogin might
not be a good idea. I do not know about any docs concerning libopie,
though. I just found a this article describing how to use OPIE with sshd
and PAM: http://www.heise-security.co.uk/articles/88570. It contains
links to the tools mentioned there. Does that help in any way?
> The problem I see with opielogin is that it doesn't let
> Dropbear know whether auth has succeeded or not. The only
> real way of using opielogin is to make SSH's own
> authentication allow any valid user to log in with any (or
> no) password, then run opielogin for a shell. TCP/agent/X11
> forwarding wouldn't be possible either. I'm kind of wary of
> this solution since it doesn't seem that secure.
> It might be better to use libopie to handle authentication,
> then run a shell as normal. I couldn't find any docs on
> libopie though - is it still maintained?
> It's a shame there isn't a nice lightweight network auth
> solution for Unixes - PAM is kind of crufty and ill-suited.
More information about the Dropbear