On Thu, Feb 18, 2016 at 9:47 AM, Lesley Kimmel <lesley.j.kimmel@xxxxxxxxx> wrote:
> [...] I'm not sure a user can interact with a script being executed by PAM.

It depends on what the PAM module running the script does, but probably not. The PAM stack runs before the user has a tty, so writing to stdout or stderr is a bad idea (sshd maps these to /dev/null so it won't crash sshd, but it won't do anything useful either).

Theoretically the PAM module could read stdio and package up the content into PAM_TEXT_INFO messages sent via the conversation function which sshd could then send to the user, but I suspect it would be hard for the PAM module to know whether or not the script was trying to read from stdin and do something sensible in that case.

You might be able to construct what you want from pam_echo to send the message and a module that solicits a response and checks it (I don't know of such a module but in theory it wouldn't be hard to write).

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev