Keyboard-interactive authentication from a PAM module
Darren Tucker
dtucker at zip.com.au
Thu Nov 6 22:57:38 EST 2008
Josele Lerele wrote:
> I am using version 5.1. I know you can send information through the
> banner, but I would like to send dynamic information from the PAM
> module.
I wasn't refering to the banner file. The PAM code uses the banner
protocol message to send data provided by PAM under some conditions when
there's no prompt.
> Do you think this is possible without prompting something in the
> client?
Depends on what PAM passes sshd.
Could you please you compile and run (as root) this little test program
to show what PAM's doing and post the output? (Sanity checking the code
first is recommended. It doesn't set noecho so you want to make sure
there's nobody watching over shoulders, and obviously clip any sensitive
bits from the output.)
http://www.zip.com.au/~dtucker/patches/pam-test-harness.c
A few other random questions:
- what platform is this running on? Probably will not make a difference
but it might help.
- what does your PAM config look like for sshd?
- is the module source publicly available? (ie can I reproduce this
configuration?)
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list