Dear OpenSSH Developers,

I would like to propose a patch to OpenSSH for Linux. In the past few months, I have encountered a scenario where a PAM module used for authentication in SSH should be informed about the previous successful authentication methods. I described the complete scenario here:

http://serverfault.com/questions/690038/openssh-two-factor-authentication-combined-with-kerberos-public-key

In this use case, I want to introduce a 2nd factor for authentication while accepting public key or GSSAPI authentication as the first factor. If and only if none of those methods were successful, a password authentication should be performed before the second factor.

I also e-mailed this to this mailing list on 4 May. On the basis of a reply from Damien Miller, there is currently no way to fully accomplish this scenario with the OpenSSH server. So I have made a PoC implementation that I think does the trick:

https://github.com/dgyuri92/openssh-portable/commit/4a006cad8e3f8b9277ce41747d11261175c161e2

Would you be so kind as to take a look at it? Do you think it could be beneficial for other users too? I think it would be a nice feature to have, especially in use cases like mine, and it is quite a small patch. Is there a chance that this patch - or a functionally equivalent one - can be integrated into future releases?

Thank you very much!

Cheers,
György Demarcsek