ssh pam clear text password

From: Robert Frank <robert.frank@xxxxxxxxx>
Date: Wed, 9 May 2007 17:57:40 +0200

Hi,

I'm currently writing a pam which uses an external serfvice to
authenticate users. For this to work, I need to have the clear text
password the user entered at the keyboard. The pam then asks the
external authority, using the login and the password obtained, to
check if the user may login or not.

This works fine for gdm and console login, but fails for ssh.
I've tried several different settings in sshd (PasswordAuthentication

yes/no, ChallengeResponseAuthentication yes/no, UsePAM yes), and ssh
does use my prompt I set in the challenge/response of the pam, but
all I ever get back as password is:

INCORRECT (sometimes in parentheses).

What settings are necessary to get the clear text password? Where is
the pam interaction of ssh (openssh) documented?

I'm using OpenSSH_4.3p2, OpenSSL 0.9.8a 11 Oct 2005 on FC5.

Thanks for any pointers.

Robert

Departement Informatik FGB tel +41 (0)61 267 14 66
Universität Basel fax. +41 (0)61 267 14 61
Robert Frank
Klingelbergstrasse 50 Robert.Frank@xxxxxxxxx
CH-4056 Basel
Switzerland http:// www.informatik.unibas.ch/personen/frank_r.html

Prev by Date: RE: X11Forwarding problem on Solaris.
Next by Date: ssh won't accept login password
Previous by thread: RE: RE : RE : X11Forwarding problem on Solaris.
Next by thread: ssh won't accept login password
Index(es):
- Date
- Thread

Relevant Pages

Re: Disable SSH authentication
... we can use two ways to login to remote machine: ... My question is that can we disable the SSH authentication so that we don't need to either provide user account or the public key? ... If you really, really, really wanted to do this, you could do it via pam, using UsePAM yes in sshd_config and then set the pam for ssh to accept without checking for any passwords. ...
(SSH)
Re: SSH pubkey or password based on user group
... >> What I was trying to do is not to allow users that are in root ... >> key while every other user can choose whether they will login using ... >> pam but I couldn't find any module that will have my job done. ... AN> than ssh. ...
(comp.security.ssh)
Re: sshd, pam and clear text
... I'm currently writing a pam which uses an external serfvice to ... check if the user may login or not. ... This works fine for gdm and console login, but fails for ssh. ...
(SSH)
Re: Confusion on SSH and PAM
... Looks like I've understood the interaction between SSH and PAM wrong here, ... sshd that a root login vai PAM is not ok, ... key fails, the sshd just goes to the next step, which is the password. ...
(freebsd-questions)
sshd, pam and clear text
... I'm currently writing a pam which uses an external serfvice to ... check if the user may login or not. ... This works fine for gdm and console login, but fails for ssh. ...
(SSH)