diff options
author | Damien Miller <djm@mindrot.org> | 2008-11-05 16:20:46 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2008-11-05 16:20:46 +1100 |
commit | 01ed2272a1545336173bf3aef66fbccc3494c8d8 (patch) | |
tree | a77f115d3b8964f0b6fcc604f9dea87d15143d7e /servconf.h | |
parent | 6f66d34308af787613d5525729953665f26367ee (diff) |
- djm@cvs.openbsd.org 2008/11/04 08:22:13
[auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h]
[readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5]
[sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c]
[Makefile.in]
Add support for an experimental zero-knowledge password authentication
method using the J-PAKE protocol described in F. Hao, P. Ryan,
"Password Authenticated Key Exchange by Juggling", 16th Workshop on
Security Protocols, Cambridge, April 2008.
This method allows password-based authentication without exposing
the password to the server. Instead, the client and server exchange
cryptographic proofs to demonstrate of knowledge of the password while
revealing nothing useful to an attacker or compromised endpoint.
This is experimental, work-in-progress code and is presently
compiled-time disabled (turn on -DJPAKE in Makefile.inc).
"just commit it. It isn't too intrusive." deraadt@
Diffstat (limited to 'servconf.h')
-rw-r--r-- | servconf.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/servconf.h b/servconf.h index 40ac64f13..1d4c3a01a 100644 --- a/servconf.h +++ b/servconf.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: servconf.h,v 1.85 2008/06/10 04:50:25 dtucker Exp $ */ | 1 | /* $OpenBSD: servconf.h,v 1.86 2008/11/04 08:22:13 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -96,6 +96,8 @@ typedef struct { | |||
96 | * authentication. */ | 96 | * authentication. */ |
97 | int kbd_interactive_authentication; /* If true, permit */ | 97 | int kbd_interactive_authentication; /* If true, permit */ |
98 | int challenge_response_authentication; | 98 | int challenge_response_authentication; |
99 | int zero_knowledge_password_authentication; | ||
100 | /* If true, permit jpake auth */ | ||
99 | int permit_empty_passwd; /* If false, do not permit empty | 101 | int permit_empty_passwd; /* If false, do not permit empty |
100 | * passwords. */ | 102 | * passwords. */ |
101 | int permit_user_env; /* If true, read ~/.ssh/environment */ | 103 | int permit_user_env; /* If true, read ~/.ssh/environment */ |