Security
Showing results for 
Search instead for 
Do you mean 

TCP/IP - SSH Does Not Support External Password Authentication

Occasional Advisor

TCP/IP - SSH Does Not Support External Password Authentication

In 2006 this statement is detailed in <>

Where can I find out what plans there are to support this or if support already exists?

I would like to be able to have incoming ssh sessions use the ACME ldap-std.
4 REPLIES
Honored Contributor Honored Contributor

Re: TCP/IP - SSH Does Not Support External Password Authentication

Occasional Advisor

Re: TCP/IP - SSH Does Not Support External Password Authentication

So, the latest news is still 'Converting various TCP/IP Services components (IMAP, POP, PCNFS, XDM, and yes, SSH) to use the $ACM system service for password authentication is on the worklist for a future release.'

Is there any news on an actual release date for this future release? I don't need an exact date, but to quote one of Mel Brooks' masterpieces "When will then be now?"
Occasional Advisor

Re: TCP/IP - SSH Does Not Support External Password Authentication

Could this be a possible workaround?

Create a captive account, which all users must use when they set up an ssh session to the openvms platform.
Restrict this captive account to execute a seth 0, forcing the user to provide his/her own credentials.
ACME LDAP will pick up the auth for accounts that have the remauth flag set.
Make sure that the OpenVMS system only allows ssh sessions for the captive account (sylogin.com).

Haven't tested this yet and I don't know if such a setup will process incoming sftp sessions properly...
Occasional Advisor

Re: TCP/IP - SSH Does Not Support External Password Authentication

Solved through third party software.