Operating System - OpenVMS
1747980 Members
4404 Online
108756 Solutions
New Discussion юеВ

Re: TCP/IP - SSH Does Not Support External Password Authentication

 
Joost van der Knaap
Occasional Advisor

TCP/IP - SSH Does Not Support External Password Authentication

In 2006 this statement is detailed in <>

Where can I find out what plans there are to support this or if support already exists?

I would like to be able to have incoming ssh sessions use the ACME ldap-std.
4 REPLIES 4
Wim Van den Wyngaert
Honored Contributor

Re: TCP/IP - SSH Does Not Support External Password Authentication

Joost van der Knaap
Occasional Advisor

Re: TCP/IP - SSH Does Not Support External Password Authentication

So, the latest news is still 'Converting various TCP/IP Services components (IMAP, POP, PCNFS, XDM, and yes, SSH) to use the $ACM system service for password authentication is on the worklist for a future release.'

Is there any news on an actual release date for this future release? I don't need an exact date, but to quote one of Mel Brooks' masterpieces "When will then be now?"
Joost van der Knaap
Occasional Advisor

Re: TCP/IP - SSH Does Not Support External Password Authentication

Could this be a possible workaround?

Create a captive account, which all users must use when they set up an ssh session to the openvms platform.
Restrict this captive account to execute a seth 0, forcing the user to provide his/her own credentials.
ACME LDAP will pick up the auth for accounts that have the remauth flag set.
Make sure that the OpenVMS system only allows ssh sessions for the captive account (sylogin.com).

Haven't tested this yet and I don't know if such a setup will process incoming sftp sessions properly...
Joost van der Knaap
Occasional Advisor

Re: TCP/IP - SSH Does Not Support External Password Authentication

Solved through third party software.