pam, openssh and opie

[Harondel J. Sibble]

Hello folks, this looks about the only place I can find on issues dealing 
with the subject line. The message that got me posting is included below the 
line of *'s.

Basically I've tried getting this working with Pam authentication and using 
the new login binary that comes with Opie 2.32.  No joy.

I am using
RedHat 6.0
OpenSSH 2.3.0p1
Pam 0.66-18

I can get the opie challenge only on a console (no openssh), if I attempt to 
to include the opie_pam module in the /etc/pam.d/sshd file, all 
authentication fails and no login is possible.  Has anyone come up with any 
workarounds. I had previously tried to get s/key working, but kept bumping up 
against the issue of s/key not supporting shadow passwords and the pam s/key 
module is a tad old....


Any suggestions other than abandoning the whole OTP and OpenSSH idea?

Note I am not a list member, so please cc me. 

TIA


*************MESSAGE FROM ARCHIVES***************


> mouring at pconline.com said:
> > If I knew of a S/Key library outside of the code in the OpenBSD tree
> > I'd be happy to compile it up under Linux and see if I can mimic this
> > problem.
> 
> There is the OPIE project - which appears to now be defunct and well 
> hidden.
> 
> I have a working implementation on Linux, with source code taken from
>  http://www.inner.net/pub/opie/
> 
> There is also a (basic) PAM implementation for authentication - I've 
> not even attempted to see if that works with openssh
>  http://www.tho.org/~andy/pam_opie-0.21.tar.gz
> 
> Unfortunately single use passwords seem to have fallen out of favour - 
> slightly strange when generation of the passwords is nice and easy now 
> with Palm devices and the like.
> 
>  Nigel.
> 




Harondel J. Sibble 
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)      (604) 686-2253 (pager)