Query on sshpam_tty_conv
djm at mindrot.org
Fri Dec 10 14:33:11 EST 2010
On Wed, 8 Dec 2010, Ramya Rangarajan wrote:
> I am facing issues with couple of cases during authentication using pam for
> Case 1:
> When we get challenge response from pam radius module with Echo prompt ON
> or OFF, its not getting displayed in ssh prompt because currently *
> sshpam_tty_conv* do not support the display of plain text.
sshpam_tty_conv is never used to run PAM auth or account modules. It can
only be used for session modules when changing the user's password after
a TTY has been connected.
If you need message echoing, then make sure you disable password
authentication and enable challenge/response authentication. The PAM
conversation function that is used for challenge/response authentication
supports message echoing.
> Case 2:
> When any INFO or ERROR message is passed to *sshpam_tty_conv *from
> underlying pam module before authentication is successful, those messages
> are also not getting displayed since stdio is not connected.
same as above.
More information about the openssh-unix-dev