PAM & several passwords
Damien Miller
djm at mindrot.org
Tue Mar 13 09:51:40 EST 2001
On Mon, 12 Mar 2001, Stefan Neis wrote:
> J.S.Peatfield at damtp.cam.ac.uk wrote:
> >
> > Surely this would be handled by the pam code already
> > wouldn't it? Assuming that there are several modules
> > all required and they each can ask the user for some
> > auth token... (not that I've actually tried it of course).
>
> The point is that PAM is relying on the application's
> "conversation function" to obtain passwords/auth tokens.
> And sshd's conversation function just fills the one and only
> password I entered into the reply slot and returns without
> giving me any chance to do something different...
Use SSH2 protocol and ChallengeResponseAuthentication.
-d
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
More information about the openssh-unix-dev
mailing list