keyboard-interactive
Mark D. Roth
roth+openssh at feep.net
Tue Jan 8 10:48:07 EST 2002
On Mon Jan 07 12:18 2002 -0800, Bryan Chua wrote:
> Is there a way for a PAM module to force a client (and the server) to
> use kbd-interactive? As far as I can tell, when in the INITIAL_LOGIN
The PAM module itself can't force a particular SSH auth method, but
you can set this up in the sshd_config file by enabling
ChallengeResponseAuthentication and disabling all the other auth
methods. To get ChallengeResponseAuthentication to use PAM, you also
need to enable PAMAuthenticationViaKbdInt.
> I looked at the pam_authsrv module, but that appears (I did not compile
> and run) to use the supplied username, index against a mapfile, and then
> use the password supplied by the user to authenticate. So it may not be
> using kbd-interactive at all, it may just be password.
I use pam_authsrv with kbd-interactive to authenticate via an SNK, and
it works perfectly. I suggest you try the latest version of
pam_authsrv:
http://www-dev.cso.uiuc.edu/authsrv/
HTH.
--
Mark D. Roth <roth at feep.net>
http://www.feep.net/~roth/
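
A check for the sshd_config setup described in the reply above, as an added example that is not part of the original message or of OpenSSH. It reports anything that would leave a method other than PAM-backed keyboard-interactive enabled. The directive names in OTHER_METHODS and both sample configs are assumptions constructed for illustration.

```python
# Directive names beyond the two in the message are assumptions about the
# OpenSSH release in use; check them against your sshd_config(5).
REQUIRED_ON = ("ChallengeResponseAuthentication", "PAMAuthenticationViaKbdInt")
OTHER_METHODS = (
    "PasswordAuthentication", "PubkeyAuthentication", "RSAAuthentication",
    "RhostsAuthentication", "RhostsRSAAuthentication", "HostbasedAuthentication",
)

def parse_sshd_config(text):
    """Return {lowercased keyword: value}; sshd keeps the first value it reads."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplified comment handling
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip().lower())
    return settings

def audit(text):
    """List findings; an empty list means only kbd-interactive via PAM is on."""
    cfg = parse_sshd_config(text)
    findings = []
    for key in REQUIRED_ON:
        if cfg.get(key.lower()) != "yes":
            findings.append(f"{key} must be 'yes' (found {cfg.get(key.lower())!r})")
    for key in OTHER_METHODS:
        # An unset directive falls back to a compiled-in default: require 'no'.
        if cfg.get(key.lower()) != "no":
            findings.append(f"{key} must be explicitly 'no' (found {cfg.get(key.lower())!r})")
    return findings

# Constructed sample configs, not taken from the thread.
GOOD = (
    "ChallengeResponseAuthentication yes\nPAMAuthenticationViaKbdInt yes\n"
    + "".join(f"{name} no\n" for name in OTHER_METHODS)
)
BAD = """\
# password left on; the later 'no' is ignored because the first value wins
PasswordAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication yes
"""

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit(sample) or "ok")
```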