[Bug 936] S/Key authentication fails if UsePAM=no

bugzilla-daemon at mindrot.org
Thu Oct 7 17:14:54 EST 2004


------- Additional Comments From ulm at kph.uni-mainz.de  2004-10-07 17:14 -------
Concerning comment 4:

> hm, maybe it would be better to never include "pam" in the list of
> kbd-int submethods if !use_pam. I.e. build the lists in auth2-kbdint.c
> using ServerOptions

I thought about this, too. However, not being an ssh expert, I was not
sure where a proper place would be to call an initialisation routine for
the "devices" array. (It is also used for protocol 1 in auth-chall.c.)

Concerning comment 5:

> I think the diff is incorrect: it just avoids the ssh code, but we
> should be falling back to the next method. The fact that there are PAM
> lines in the server output shouldn't matter, kbd-int should try other
> methods.

At least for me it doesn't.

> As a workaround, you can try "ssh -oKbdInteractiveDevices=skey" to
> prefer skey authentication.

That works.
