On Thu, Oct 20, 2016 at 12:19 PM, Diogo Vieira <dfv@xxxxxxxxxxx> wrote:
> Hello,
>
> I've developed a custom PAM module which only allows a user to authenticate
> to the server only if another user of the same machine also authenticates
> successfully. It's currently a simple module which also works as a PAM aware
> application since it authenticates each user with PAM itself. Both the
> pamtester utility and su can use this module correctly. However, when I try
> to use it with my openssh server the authentication fails after the first
> prompt.

My guess is that you're using pam_set_data/pam_get_data. Unfortunately
this doesn't currently work with challenge-response authentication
because the PAM calls are made in a subprocess that terminates, and
thus the changes are lost. See:

https://bugzilla.mindrot.org/show_bug.cgi?id=688
https://bugzilla.mindrot.org/show_bug.cgi?id=2548

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
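
Added example, not part of the original message and not code from OpenSSH or Linux-PAM: a small C program illustrating the failure mode described in the reply, where data stored during authentication in a subprocess is gone once that subprocess exits. The names struct handle, set_data, get_data, auth_phase and the "second_user_ok" key are hypothetical stand-ins for the PAM handle and pam_set_data/pam_get_data; no libpam is used.

```c
/* Added illustration: a stand-in for PAM's per-handle data store, not libpam. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for pam_handle_t: one key/value slot in process memory. */
struct handle { char key[32]; char value[32]; int used; };

static void set_data(struct handle *h, const char *key, const char *value) {
    snprintf(h->key, sizeof h->key, "%s", key);
    snprintf(h->value, sizeof h->value, "%s", value);
    h->used = 1;
}

static const char *get_data(const struct handle *h, const char *key) {
    return (h->used && strcmp(h->key, key) == 0) ? h->value : NULL;
}

/* "auth" phase: the module records that the second user authenticated. */
static void auth_phase(struct handle *h) { set_data(h, "second_user_ok", "yes"); }

/* Later phase: the module looks for what the auth phase stored. */
static int later_phase_sees_data(const struct handle *h) {
    return get_data(h, "second_user_ok") != NULL;
}

/* Single process: both phases share one address space, so the data survives. */
int run_same_process(void) {
    struct handle h = {0};
    auth_phase(&h);
    return later_phase_sees_data(&h);
}

/* Auth phase in a child that exits: it writes to its own copy of the handle. */
int run_auth_in_subprocess(void) {
    struct handle h = {0};
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { auth_phase(&h); _exit(0); }  /* child's copy dies here */
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return later_phase_sees_data(&h);            /* parent's copy is untouched */
}

int main(void) {
    printf("same process:       data visible = %d\n", run_same_process());
    printf("auth in subprocess: data visible = %d\n", run_auth_in_subprocess());
    return 0;
}
```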