[Bug 2549] New: [PATCH] Allow PAM conversation for pam_setcred for keyboard-interactive authentication

Tue Mar 8 00:05:08 AEDT 2016

https://bugzilla.mindrot.org/show_bug.cgi?id=2549

            Bug ID: 2549
           Summary: [PATCH] Allow PAM conversation for pam_setcred for
                    keyboard-interactive authentication
           Product: Portable OpenSSH
           Version: 7.1p2
          Hardware: Sparc
                OS: Solaris
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: PAM support
          Assignee: unassigned-bugs at mindrot.org
          Reporter: tomas.kuthan at oracle.com

Currently OpenSSH runs pam_setcred with 'fake' conversation function
sshpam_store_conv. If some PAM module actually tries to converse for
pam_setcred, sshpam_store_conv fails with PAM_CONV_ERR.

But there are/will be real world PAM modules, that actually need to
converse for pam_setcred. This bugs asks for making that possible for
keyboard-interactive authentication.

Allowing pam_setcred conversation for other user auths (pubkey,
password, hostbased, gssapi-with-mic, ...) would be significantly
harder, because for other auth there is no support from promts and
replies in SSH authentication protocol.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.