Challenge response authentication and PAM

[Nigel Metheringham]

Nigel.Metheringham at InTechnology.co.uk said:
> If I put the right response in it logs me in quite happily.  However I
>  am not getting the Challenge displayed to me.... which could well be 
> down to the PAM module implementation


djm at mindrot.org said:
> Or it could be that the knd-int pam code is incorrect - I haven't
> tested it with any more interactive than password auth.

> If someone can recommend one then I will use it for testing too.

I've retested this using the pam_opie module extracted from the Polish 
Linux Distribution (appropriate rpm set is at
  http://www.rpmfind.net/linux/RPM/PLD//PLD-1.0/i386/PLD/RPMS//pam-0.74.
0-3.i386.html

The challenge/response authentication works fine - displays me the 
prompt, even echos the response (don't know if this changes if you set 
noecho on the module itself), and then even lets me in with the 
appropriate authorisation.
So it looks like openssh 2.5.2 is fine, and my pam module was at fault.

I've extracted the one module I need, and am in the process of 
packaging it - I can let people have either the source or an rpm if 
they are interested, but its a module I'm building for internal use 
rather than something I intend to provide support for :-)

	Nigel.
-- 
[ Nigel Metheringham           Nigel.Metheringham at InTechnology.co.uk ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]
[ - Comments in this message are my own and not ITO opinion/policy - ]