[Bug 936] S/Key authentication fails if UsePAM=no
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Oct 7 17:14:54 EST 2004
http://bugzilla.mindrot.org/show_bug.cgi?id=936
------- Additional Comments From ulm at kph.uni-mainz.de 2004-10-07 17:14 -------
Concerning comment 4:
> hm, maybe it would be better to never include "pam" in the list of
> kbd-int submethods if !use_pam. I.e. build the lists in auth2-kbdint.c
> using ServerOptions
I thought about this, too. However, being not an ssh expert, I was not
sure where would be a proper place to call an initialisation routine for
the "devices" array. (It is also used for protocol 1 in auth-chall.c.)
Concerning comment 5:
> I think the diff is incorrect: it just avoids the ssh code, but we
> should be falling back to the next method. The fact that there are PAM
> lines in the server output shouldn't matter, kbd-int should try other
> methods.
At least for me it doesn't.
> As a workaround, you can try "ssh -oKbdInteractiveDevices=skey" to
> prefer skey authentication.
That works.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list