[Bug 2549] New: [PATCH] Allow PAM conversation for pam_setcred for keyboard-interactive authentication
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Tue Mar 8 00:05:08 AEDT 2016
https://bugzilla.mindrot.org/show_bug.cgi?id=2549
Bug ID: 2549
Summary: [PATCH] Allow PAM conversation for pam_setcred for
keyboard-interactive authentication
Product: Portable OpenSSH
Version: 7.1p2
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: enhancement
Priority: P5
Component: PAM support
Assignee: unassigned-bugs at mindrot.org
Reporter: tomas.kuthan at oracle.com
Currently OpenSSH runs pam_setcred with 'fake' conversation function
sshpam_store_conv. If some PAM module actually tries to converse for
pam_setcred, sshpam_store_conv fails with PAM_CONV_ERR.
But there are/will be real world PAM modules, that actually need to
converse for pam_setcred. This bugs asks for making that possible for
keyboard-interactive authentication.
Allowing pam_setcred conversation for other user auths (pubkey,
password, hostbased, gssapi-with-mic, ...) would be significantly
harder, because for other auth there is no support from promts and
replies in SSH authentication protocol.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list