Multifactor authentication troubles
djm at mindrot.org
Sun Jul 24 21:48:01 AEST 2016
On Sat, 23 Jul 2016, James Murphy wrote:
> On 07/23/2016 05:53 PM, Darren Tucker wrote:
> > 1) Use the per-auth-type PAM configs as per
> > https://bugzilla.mindrot.org/show_bug.cgi?id=2246.
> > 2) Configure the ssh-passwd stack to have just pam_unix.so and the
> > ssh-kbdint stack to have just pam_signal.so.
> > 3) Put "AuthenticationMethods password,keyboard-interactive
> > publickey,keyboard-interactive" into sshd_config.
> This seems to be exactly what I'm looking for. I see that a patch was
> written on 2015-04-16 that implements this functionality, though there
> has been no action taken or feedback given on the patch since then. Has
> this slipped through the cracks, or were there more issues that needed
> to be resolved before merging?
Probably a bit of both :/
More information about the openssh-unix-dev