pam, openssh and opie

Pekka Savola pekkas at netcore.fi
Sun Dec 3 19:21:33 EST 2000


On Sun, 3 Dec 2000, Damien Miller wrote:

> On Sat, 2 Dec 2000, Harondel J. Sibble wrote:
>
> > I can get the opie challenge only on a console (no openssh), if I
> > attempt to to include the opie_pam module in the /etc/pam.d/sshd
> > file, all authentication fails and no login is possible.  Has
> > anyone come up with any workarounds. I had previously tried to
> > get s/key working, but kept bumping up against the issue of s/key
> > not supporting shadow passwords and the pam s/key module is a tad
> > old....
>
> I have just committed a patch from Nalin Dahyabhai which enables PAM
> to use KbdInteractive authentication, which will allow for this sort
> of challenge/response stuff. It will be in tomorrow morning's snapshot.

Could we also have the latest ChangeLog exported to
www.mindrot.org/misc/openssh/? This could even be done more frequently
than the snapshots, since the name is static.  A nice way to check
what's happening quickly before CVS gets there.

I take it you didn't commit RH OpenSSH-2.3.0p1-6
(http://people.redhat.com/nalin/test/) changes to pam.d/sshd
though? What's your take on those?

They require errata PAM for RHL6x, though.

-- 
Pekka Savola                    "Tell me of difficulties surmounted,
Netcore Oy                      not those you stumble over and fall"
Systems. Networks. Security.     -- Robert Jordan: A Crown of Swords






More information about the openssh-unix-dev mailing list