- (dtucker) [INSTALL] Group the parts describing random options and PAM
implementations together which is hopefully more coherent.
diff --git a/ChangeLog b/ChangeLog
index 299813c..93cff1e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,8 @@
- (dtucker) [sshd.8] Many Linux variants use a single "!" to denote locked
accounts and that's what the code looks for, so make man page and code
agree. Pointed out by Roumen Petrov.
+ - (dtucker) [INSTALL] Group the parts describing random options and PAM
+ implementations together which is hopefully more coherent.
20070816
- (dtucker) [session.c] Call PAM cleanup functions for unauthenticated
@@ -3178,4 +3180,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.4732 2007/08/16 23:42:32 dtucker Exp $
+$Id: ChangeLog,v 1.4733 2007/08/17 12:03:09 dtucker Exp $
diff --git a/INSTALL b/INSTALL
index 2b82432..5f888cd 100644
--- a/INSTALL
+++ b/INSTALL
@@ -14,31 +14,11 @@
The remaining items are optional.
-OpenSSH can utilise Pluggable Authentication Modules (PAM) if your
-system supports it. PAM is standard most Linux distributions, Solaris,
-HP-UX 11 and AIX >= 5.2.
-
NB. If you operating system supports /dev/random, you should configure
OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of
-/dev/random. If you don't you will have to rely on ssh-rand-helper, which
-is inferior to a good kernel-based solution.
-
-Linux PAM:
-http://www.kernel.org/pub/linux/libs/pam/
-
-OpenPAM:
-http://www.openpam.org/
-
-If you wish to build the GNOME passphrase requester, you will need the GNOME
-libraries and headers.
-
-GNOME:
-http://www.gnome.org/
-
-Alternatively, Jim Knoble <jmknoble@pobox.com> has written an excellent X11
-passphrase requester. This is maintained separately at:
-
-http://www.jmknoble.net/software/x11-ssh-askpass/
+/dev/random, or failing that, either prngd or egd. If you don't have
+any of these you will have to rely on ssh-rand-helper, which is inferior
+to a good kernel-based solution or prngd.
PRNGD:
@@ -54,6 +34,27 @@
http://www.lothar.com/tech/crypto/
+OpenSSH can utilise Pluggable Authentication Modules (PAM) if your
+system supports it. PAM is standard most Linux distributions, Solaris,
+HP-UX 11, AIX >= 5.2, FreeBSD and NetBSD.
+
+Information about the various PAM implementations are available:
+
+Solaris PAM: http://www.sun.com/software/solaris/pam/
+Linux PAM: http://www.kernel.org/pub/linux/libs/pam/
+OpenPAM: http://www.openpam.org/
+
+If you wish to build the GNOME passphrase requester, you will need the GNOME
+libraries and headers.
+
+GNOME:
+http://www.gnome.org/
+
+Alternatively, Jim Knoble <jmknoble@pobox.com> has written an excellent X11
+passphrase requester. This is maintained separately at:
+
+http://www.jmknoble.net/software/x11-ssh-askpass/
+
S/Key Libraries:
If you wish to use --with-skey then you will need the library below
@@ -254,4 +255,4 @@
http://www.openssh.com/
-$Id: INSTALL,v 1.80 2007/08/17 11:40:22 dtucker Exp $
+$Id: INSTALL,v 1.81 2007/08/17 12:03:10 dtucker Exp $