| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2009-08-15 | remove unused define. markus@ ok. | Federico G. Schwindt | |
| 2008-11-04 | Add support for an experimental zero-knowledge password authentication | Damien Miller | |
| method using the J-PAKE protocol described in F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", 16th Workshop on Security Protocols, Cambridge, April 2008. This method allows password-based authentication without exposing the password to the server. Instead, the client and server exchange cryptographic proofs to demonstrate of knowledge of the password while revealing nothing useful to an attacker or compromised endpoint. This is experimental, work-in-progress code and is presently compiled-time disabled (turn on -DJPAKE in Makefile.inc). "just commit it. It isn't too intrusive." deraadt@ | |||
| 2008-07-02 | Merge duplicate host key file checks, based in part on a patch from Rob | Darren Tucker | |
| Holland via bz #1348 . Also checks for non-regular files during protocol 1 RSA auth. ok djm@ | |||
| 2007-09-21 | unifdef -DBSD_AUTH | Damien Miller | |
| unifdef -USKEY These options have been in use for some years; ok markus@ "no objection" millert@ | |||
| 2007-08-23 | login_cap.h doesn't belong here | Damien Miller | |
| 2006-08-18 | delay authentication related cleanups until we're authenticated and | Markus Friedl | |
| all alarms have been cancelled; ok deraadt | |||
| 2006-08-03 | almost entirely get rid of the culture of ".h files that include .h files" | Theo de Raadt | |
| ok djm, sort of ok stevesk makes the pain stop in one easy step | |||
| 2006-08-01 | move #include <stdio.h> out of includes.h | Kevin Steves | |
| 2006-07-23 | #include <signal.h> for sig_atomic_t; need this prior to <sys/param.h> | Kevin Steves | |
| move | |||
| 2006-07-06 | move #include <pwd.h> out of includes.h; ok markus@ | Kevin Steves | |
| 2006-04-20 | replace the last non-sig_atomic_t flag used in a signal handler with a | Damien Miller | |
| sig_atomic_t, unfortunately with some knock-on effects in other (non- signal) contexts in which it is used; ok markus@ | |||
| 2006-03-25 | standardise spacing in $OpenBSD$ tags; requested by deraadt@ | Damien Miller | |
| 2005-06-06 | introduce a generic %foo expansion function. replace existing % expansion and | Damien Miller | |
| add expansion to ControlPath; ok markus@ | |||
| 2004-05-23 | Add MaxAuthTries sshd config option; ok markus@ | Darren Tucker | |
| 2004-01-30 | support for password change; ok dtucker@ | Markus Friedl | |
| (set password-dead=1w in login.conf to use this). | |||
| 2003-11-04 | standardise arguments to auth methods - they should all take authctxt. | Damien Miller | |
| check authctxt->valid rather then pw != NULL; ok markus@ | |||
| 2003-09-23 | replace fatal_cleanup() and linked list of fatal callbacks with static | Markus Friedl | |
| cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@ | |||
| 2003-08-28 | remove kerberos support from ssh1, since it has been replaced with GSSAPI; | Markus Friedl | |
| but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ... | |||
| 2003-08-26 | fix passwd auth for 'username leaks via timing'; with djm@, original patches ↵ | Markus Friedl | |
| from solar | |||
| 2003-08-22 | support GSS API user authentication; patches from Simon Wilkinson, | Markus Friedl | |
| stripped down and tested by Jakob and myself. | |||
| 2003-07-22 | remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1); | Markus Friedl | |
| test+ok henning@ | |||
| 2003-04-16 | document struct Authctxt; with solar | Markus Friedl | |
| 2002-09-26 | krb4 + privsep; ok dugsong@, deraadt@ | Markus Friedl | |
| 2002-09-09 | kerberos support for privsep. confirmed to work by lha@stacken.kth.se | Jun-ichiro itojun Hagino | |
| patch from markus | |||
| 2002-05-31 | move Authmethod definitons to per-method file. | Markus Friedl | |
| 2002-05-25 | split auth2.c into one file per method; ok provos@/deraadt@ | Markus Friedl | |
| 2002-05-13 | move the packet_send_debug handling from auth-options.c to auth.c; ok provos@ | Markus Friedl | |
| 2002-05-12 | Fix sshd Banner option for privsep; ok markus@ provos@ | Damien Miller | |
| 2002-03-19 | clean up prototypes | Markus Friedl | |
| 2002-03-18 | integrate privilege separated openssh; its turned off by default for now. | Niels Provos | |
| work done by me and markus@ | |||
| 2002-03-18 | have the authentication functions return the authentication context | Niels Provos | |
| and then do_authenticated; okay millert@ | |||
| 2002-03-17 | getpwnamallow returns struct passwd * only if user valid; okay markus@ | Niels Provos | |
| 2002-03-16 | split auth_rhosts_rsa(), ok provos@ | Markus Friedl | |
| 2002-03-14 | split auth_rsa() for better readability and privsep; ok provos@ | Markus Friedl | |
| 2002-03-04 | $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add | Kevin Steves | |
| missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c files. ok markus@ | |||
| 2002-02-17 | Manual cleanup of remaining userland __P use (excluding packages maintained ↵ | Todd C. Miller | |
| outside the tree) | |||
| 2002-02-16 | Part one of userland __P removal. Done with a simple regexp with some minor ↵ | Todd C. Miller | |
| hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically. | |||
| 2001-12-27 | auth_rhosts_rsa now accept generic keys. | Markus Friedl | |
| 2001-12-19 | basic KNF done while i was looking for something else | Theo de Raadt | |
| 2001-12-18 | remove auth_rsa_read_key, make hostfile_ready_key non static; ok markus@ | Jakob Schlyter | |
| 2001-12-09 | add auth2_challenge_stop(), simplifies cleanup of kbd-int sessions, | Markus Friedl | |
| fixes memleak. | |||
| 2001-06-26 | remove comments from .h, since they are cut&paste from the .c files | Markus Friedl | |
| and out of sync | |||
| 2001-06-26 | Kerberos v5 support for SSH1, mostly from Assar Westerlund ↵ | Dug Song | |
| <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok | |||
| 2001-06-26 | prototype pedant. not very creative... | Jun-ichiro itojun Hagino | |
| - () -> (void) - no variable names | |||
| 2001-06-25 | terminate secure_filename checking after checking homedir. that way it | Niels Provos | |
| works on AFS. okay markus@ | |||
| 2001-06-23 | *known_hosts2 is obsolete for hostbased authentication and | Markus Friedl | |
| only used for backward compat. merge ssh1/2 hostkey check and move it to auth.c | |||
| 2001-05-20 | configurable authorized_keys{,2} location; originally from peter@; ok djm@ | Markus Friedl | |
| 2001-05-18 | improved kbd-interactive support. work by per@appgate.com and me | Markus Friedl | |
| 2001-04-12 | implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2) | Markus Friedl | |
| similar to RhostRSAAuthentication unless you enable (the experimental) HostbasedUsesNameFromPacketOnly option. please test. :) | |||
| 2001-03-28 | check auth_root_allowed for kbd-int auth, too. | Markus Friedl | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |