Query on sshpam_tty_conv

Damien Miller djm at mindrot.org
Fri Dec 10 14:33:11 EST 2010


On Wed, 8 Dec 2010, Ramya Rangarajan wrote:

> Hi,
> 
> I am facing issues with couple of cases during authentication using pam for
> openssh
> 
> Case 1:
> 
> When we get challenge response from pam radius module with  Echo prompt ON
> or OFF,  its not getting displayed in ssh prompt because currently *
> sshpam_tty_conv* do not support the display of plain text.

sshpam_tty_conv is never used to run PAM auth or account modules. It can
only be used for session modules when changing the user's password after
a TTY has been connected.

If you need message echoing, then make sure you disable password
authentication and enable challenge/response authentication. The PAM
conversation function that is used for challenge/response authentication
supports message echoing.

> Case 2:
> 
> When any INFO or ERROR message is passed to *sshpam_tty_conv *from
> underlying pam module before authentication is successful, those messages
> are also not getting displayed since stdio is not connected.

same as above.

-d


More information about the openssh-unix-dev mailing list