In 3.7.1p2, does PAM only support the keyboard interactive method?

From: Chuck Meade (chuckmeade_at_mindspring.com)
Date: 11/11/03

  • Next message: Burak Bilen: "Re: scp hogs up CPU and cannot be killed"
    To: <secureshell@securityfocus.com>
    Date: Mon, 10 Nov 2003 18:46:41 -0500
    
    

    Due to the "PAM authentication kludge" present in versions before
    3.7.1, PAM could be invoked to do the authentication when the
    method was "password".

    Now I am using 3.7.1p2 and it appears that the removal of that
    kludge, and replacement with the FreeBSD challenge-response
    module, requires you to use the keyboard interactive method if
    you want PAM to be involved with the authentication. Note for
    instance that in auth-pam.c, sshpam_device is a Kbdint_Device.

    So my question is: am I missing something in what I see here?
    Is it the case that in order to have PAM do the authentication
    you must use the keyboard interactive method in 3.7.1p2?

    If that is not the case, then how would I get PAM to do the
    authentication when using the password method?

    Thanks very much,
    Chuck Meade


  • Next message: Burak Bilen: "Re: scp hogs up CPU and cannot be killed"

    Relevant Pages