alanking
commented
3 months ago After discussion at the March 2024 Authentication Working Group, we have decided that the plugin should allow usage without SSL, but log annoying messages for the administrator and possibly even require a configuration which explicitly allows for "insecure" authentications.
Whenever I try to use the plugin with SSL disabled (but the client and server are configured so that it can be used), the plugin attempts to enable/disable SSL when sending data to the server just like the pam_password plugin. However, this doesn't seem to be working because I get an "SSL shutdown" error every time the client disconnects.
If I remove the logic for enabling/disabling SSL, everything works fine. However, we need to require SSL for this plugin as sensitive information is being sent from the client to the server and so must be encrypted.
This is a blocker for release.