PAM & several passwords

Damien Miller djm at
Tue Mar 13 09:51:40 EST 2001

On Mon, 12 Mar 2001, Stefan Neis wrote:

> J.S.Peatfield at wrote:
> >
> > Surely this would be handled by the pam code already
> > wouldn't it?  Assuming that there are several modules
> > all required and they each can ask the user  for some
> > auth token...  (not that I've actually tried it of course).
> The point is that PAM is relying on the application's
> "conversation function" to obtain passwords/auth tokens.
> And sshd's conversation function just fills the one and only
> password I entered into the reply slot and returns without
> giving me any chance to do something different...

Use SSH2 protocol and ChallengeResponseAuthentication.


| Damien Miller <djm at> \ ``E-mail attachments are the poor man's
|          /   distributed filesystem'' - Dan Geer

More information about the openssh-unix-dev mailing list