Thanks for your comments, Matt. I think you are right, opielogin might not be a good idea. I do not know about any docs concerning libopie, though. I just found a this article describing how to use OPIE with sshd and PAM: http://www.heise-security.co.uk/articles/88570. It contains links to the tools mentioned there. Does that help in any way?
Regards -- Alexander Kriegisch > The problem I see with opielogin is that it doesn't let > Dropbear know whether auth has succeeded or not. The only > real way of using opielogin is to make SSH's own > authentication allow any valid user to log in with any (or > no) password, then run opielogin for a shell. TCP/agent/X11 > forwarding wouldn't be possible either. I'm kind of wary of > this solution since it doesn't seem that secure. > > It might be better to use libopie to handle authentication, > then run a shell as normal. I couldn't find any docs on > libopie though - is it still maintained? > > It's a shame there isn't a nice lightweight network auth > solution for Unixes - PAM is kind of crufty and ill-suited.
