pam, openssh and opie

mouring at etoh.eviladmin.org mouring at etoh.eviladmin.org
Sun Dec 3 20:58:06 EST 2000


On Sun, 3 Dec 2000, Damien Miller wrote:

> On Sat, 2 Dec 2000, Harondel J. Sibble wrote:
> 
> > I can get the opie challenge only on a console (no openssh), if I
> > attempt to to include the opie_pam module in the /etc/pam.d/sshd
> > file, all authentication fails and no login is possible.  Has
> > anyone come up with any workarounds. I had previously tried to
> > get s/key working, but kept bumping up against the issue of s/key
> > not supporting shadow passwords and the pam s/key module is a tad
> > old....
> 
> I have just committed a patch from Nalin Dahyabhai which enables PAM
> to use KbdInteractive authentication, which will allow for this sort
> of challenge/response stuff. It will be in tomorrow morning's snapshot.
> 
> To use it you need to add "KbdInteractiveAuthentication yes" to both 
> your client and server configs.
> 
Can I assume that this does not conver Protocol 1?  Because I believe
KbdInteractive is just Protocol 2.

I'd love to unite some of these features a bit more.  Can protocol 1
support the same concept, Markus?

- Ben






More information about the openssh-unix-dev mailing list