keyboard-interactive
Markus Friedl
markus at openbsd.org
Tue Jan 8 10:12:49 EST 2002
if you want to force a authentication method
on the server you have to disable all other methods (or
make them fail).
On Mon, Jan 07, 2002 at 12:18:51PM -0800, Bryan Chua wrote:
> Is there a way for a PAM module to force a client (and the server) to
> use kbd-interactive? As far as I can tell, when in the INITIAL_LOGIN
> phase, all communication with the client returns a PAM_CONV_ERR. I am
> trying to write a PAM module that will prompt a user for a second
> username and a second password in order for the module to succeed so
> that proper authentication relies on the ability to authenticate against
> n machines, where n < 1.
>
> I looked at the pam_authsrv module, but that appears (I did not compile
> ad run) to use the supplied username, index against a mapfile, and then
> use the password supplied by the user to authenticate. So it may not be
> using kbd-interactive at all, it may just be password.
>
> Am I missing something?
>
> -- bryan
>
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
More information about the openssh-unix-dev
mailing list