Challenge response authentication and PAM

Nigel Metheringham Nigel.Metheringham at
Sat Mar 24 04:32:16 EST 2001

Nigel.Metheringham at said:
> If I put the right response in it logs me in quite happily.  However I
>  am not getting the Challenge displayed to me.... which could well be 
> down to the PAM module implementation

djm at said:
> Or it could be that the knd-int pam code is incorrect - I haven't
> tested it with any more interactive than password auth.

> If someone can recommend one then I will use it for testing too.

I've retested this using the pam_opie module extracted from the Polish 
Linux Distribution (appropriate rpm set is at

The challenge/response authentication works fine - displays me the 
prompt, even echos the response (don't know if this changes if you set 
noecho on the module itself), and then even lets me in with the 
appropriate authorisation.
So it looks like openssh 2.5.2 is fine, and my pam module was at fault.

I've extracted the one module I need, and am in the process of 
packaging it - I can let people have either the source or an rpm if 
they are interested, but its a module I'm building for internal use 
rather than something I intend to provide support for :-)

[ Nigel Metheringham           Nigel.Metheringham at ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]
[ - Comments in this message are my own and not ITO opinion/policy - ]

More information about the openssh-unix-dev mailing list