Re: pam_unix and UsePAM



In article <1175089812.789252.205510@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
"Kevin VW" <kl.vanw@xxxxxxxxx> writes:
In OpenSSH, I'd like to require users to use public-key authentication
AND to enter their local password. I've tried to configure PAM to do
this with "auth require pam_unix" in pam.d/sshd, but it still
authenticates users without their password. How can I do this?

You can't. PAM can't provide SSH public-key authentication, OpenSSH only
uses PAM for password and keyboard-interactive authentication, and
OpenSSH will only use one authentication method for a given session.
The first two aren't likely to change, but the last one could. Of course
with keyboard-interactive + PAM you could in principle implement some
combination of password and "non-SSH-protocol" public-key authentication
yourself (this would entail at least writing a) a PAM module and b) a
client-side tool that used the private key to sign a random string - the
challenge given by the PAM module).

--Per Hedeland
per@xxxxxxxxxxxx
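
The challenge-response exchange sketched in the reply above, as an added example that is not part of the original post or of OpenSSH: a server-issued random string, a client signature over it, and single-use verification. It needs the openssl CLI; the function names and the user "alice" are hypothetical, and the PAM module itself is not shown (the password half would still come from pam_unix in the same stack).

```bash
#!/bin/sh
# Added sketch: server-issued random challenge, client signature, server check.
# Names (enroll, issue_challenge, client_sign, verify_response, "alice") are
# hypothetical. In a real setup the server side would sit in a PAM module's
# conversation function; here both sides are plain shell functions.
# Unlike SSH's own publickey method, this signature is not bound to the SSH session.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Enrollment: user key pair; only the .pub file would live on the server.
enroll() {  # $1 = user
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/$1.key" 2>/dev/null &&
  openssl ec -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub" 2>/dev/null
}

# Server: fresh 256-bit challenge per attempt, remembered until answered.
issue_challenge() {  # $1 = user; prints the hex challenge
  openssl rand -hex 32 | tee "$WORK/$1.chal"
}

# Client: sign the challenge text, return base64 so it fits a text prompt.
client_sign() {  # $1 = private key file, $2 = challenge
  printf '%s' "$2" | openssl dgst -sha256 -sign "$1" | openssl base64 -A
}

# Server: verify against the stored challenge, then discard it (no replay).
verify_response() {  # $1 = user, $2 = base64 signature
  [ -s "$WORK/$1.chal" ] || return 1
  rc=0
  printf '%s' "$2" | openssl base64 -d -A > "$WORK/$1.sig" 2>/dev/null || rc=1
  tr -d '\n' < "$WORK/$1.chal" |
    openssl dgst -sha256 -verify "$WORK/$1.pub" -signature "$WORK/$1.sig" \
    >/dev/null 2>&1 || rc=1
  rm -f "$WORK/$1.chal" "$WORK/$1.sig"
  return $rc
}

# Constructed run: one honest login, then a replay of the same response.
enroll alice
chal=$(issue_challenge alice)
resp=$(client_sign "$WORK/alice.key" "$chal")
if verify_response alice "$resp"; then echo "first response: accepted"; fi
if ! verify_response alice "$resp"; then echo "replayed response: rejected"; fi
```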
