In 3.7.1p2, does PAM only support the keyboard interactive method?

From: Chuck Meade (chuckmeade_at_mindspring.com)
Date: 11/11/03

  • Next message: Burak Bilen: "Re: scp hogs up CPU and cannot be killed"
    To: <secureshell@securityfocus.com>
    Date: Mon, 10 Nov 2003 18:46:41 -0500
    
    

    Due to the "PAM authentication kludge" present in versions before
    3.7.1, PAM could be invoked to do the authentication when the
    method was "password".

    Now I am using 3.7.1p2 and it appears that the removal of that
    kludge, and replacement with the FreeBSD challenge-response
    module, requires you to use the keyboard interactive method if
    you want PAM to be involved with the authentication. Note for
    instance that in auth-pam.c, sshpam_device is a Kbdint_Device.

    So my question is: am I missing something in what I see here?
    Is it the case that in order to have PAM do the authentication
    you must use the keyboard interactive method in 3.7.1p2?

    If that is not the case, then how would I get PAM to do the
    authentication when using the password method?

    Thanks very much,
    Chuck Meade


  • Next message: Burak Bilen: "Re: scp hogs up CPU and cannot be killed"

    Relevant Pages

    • Re: OpenSSH and pam_krb5
      ... > with GSSAPI and PAM authentication. ... this data is present in a separate process (the "authentication ... application (ie sshd). ...
      (SSH)
    • Re: PHKs MD5 might not be slow enough anymore
      ... It does not disable password authentication. ... It disables the SSH ... most people *do* need PAM. ... And, just to be safe, also turn off the challenge-response ...
      (FreeBSD-Security)
    • Re: Solaris 9 authentication and access control into Active Directory
      ... implement a user within your Active Directory for the machine, ... As others have mentioned there's PAM samba SMB integration. ... Recently I've been using LDAP authentication. ...
      (Focus-SUN)
    • Re: Understanding LDAP or MS Active Directory authenticationand Informix
      ... Hopefully we can upgrade to IDS 10 once Orrible certs PeopleSoft Tools ... Understanding LDAP or MS Active ... I know the LDAP support is through PAM. ... when you make the authentication call to the OS, ...
      (comp.databases.informix)
    • Re: alternatives to NIS and NFS
      ... >> I have been having some hassles with NIS and would like to upgrade to ... > For authentication, ... > OSX should be able to authenticate against LDAP. ... Authentication in Linux is done via the PAM library, ...
      (Debian-User)