[scponly] Alternate authentication methods for sftp
Ralf Durkee
rd at rd1.net
Sat Dec 20 21:50:27 EST 2003
>Date: Sat, 20 Dec 2003 19:48:21 +1000
>From: Andy Gayton <andy at thecablelounge.com>
>To: scponly at lists.ccs.neu.edu
>Subject: [scponly] Alternate authentication methods for sftp
>
>Hi All,
>
>Is it possible to authenticate of something besides the unix system
>password file for sftp only users? Perhaps from a database or from ldap?
>
>...
>Any advice is greatly apprciated!
>Andy.
Keep in mind the user is authenticated before scponly is invoked, and
before sftp-server is invoked, so the authentications available have
nothing to do with scponly or sftp. SSH is probably one of the most
flexible protocols for authentication. It's really depends mostly on the OS
and the pam methods for support rather than SSH. Although in addition to
what the OS supports (such as NIS/NIS+ or LDAP) There is special support
for Kerberos that may be compiled in. LDAP would be supported via PAM.
Other authentications with special support:
Public-key
TIS (Trusted Information Systems)
Login Password (such as NIS/NIS+ Kerberos, S/Key, SecureID, one-Time-Password)
Rhosts (not recommended)
-- Ralf Durkee, GSEC, GCIH
Information Security Consultant
http://rd1.net
More information about the scponly
mailing list