topic Re: TCP/IP - SSH Does Not Support External Password Authentication in Operating System - OpenVMS

TCP/IP - SSH Does Not Support External Password Authentication

Joost van der Knaap — Fri, 19 Sep 2008 10:50:56 GMT

In 2006 this statement is detailed in <>

Where can I find out what plans there are to support this or if support already exists?

I would like to be able to have incoming ssh sessions use the ACME ldap-std.

Re: TCP/IP - SSH Does Not Support External Password Authentication

Wim Van den Wyngaert — Fri, 19 Sep 2008 12:02:30 GMT

http://forums12.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1221829295183+28353475&threadId=1214767

Wim

Re: TCP/IP - SSH Does Not Support External Password Authentication

Joost van der Knaap — Fri, 19 Sep 2008 12:16:29 GMT

So, the latest news is still 'Converting various TCP/IP Services components (IMAP, POP, PCNFS, XDM, and yes, SSH) to use the $ACM system service for password authentication is on the worklist for a future release.'

Is there any news on an actual release date for this future release? I don't need an exact date, but to quote one of Mel Brooks' masterpieces "When will then be now?"

Re: TCP/IP - SSH Does Not Support External Password Authentication

Joost van der Knaap — Thu, 13 Aug 2009 12:14:43 GMT

Could this be a possible workaround?

Create a captive account, which all users must use when they set up an ssh session to the openvms platform.
Restrict this captive account to execute a seth 0, forcing the user to provide his/her own credentials.
ACME LDAP will pick up the auth for accounts that have the remauth flag set.
Make sure that the OpenVMS system only allows ssh sessions for the captive account (sylogin.com).

Haven't tested this yet and I don't know if such a setup will process incoming sftp sessions properly...

Re: TCP/IP - SSH Does Not Support External Password Authentication

Joost van der Knaap — Wed, 18 Aug 2010 08:38:44 GMT

Solved through third party software.