Hi All, With help of some here, I managed to locate and install a version of PAM w/ the pam_skey.so module (thanks to the folks at the PLD linux distro). I'm a bit new to pam (yup, I've read through the docs), but am fairly certain I'm having a config problem here.. some advice would be much appreciated. I've created a nice and simple /etc/pam.d/sshd file: #%PAM-1.0 auth required /lib/security/pam_skey.so debug I know the module is at least partially being used, because I see skey messages in my syslog file matching the pam_skey.so log facility and severity (AUTHPRIV.DEBUG): sshd[26843]: pam_skey login attempt for 'testuser' This output all matches the notification string in pam_skey.c, so I know that's where the msg is being generated. However, when I connect w/ my ssh client, I see the usual "login:" and "password:" prompts - not "s/key login:", which I would expect to see from my reading of pam_skey.c (as long as the username hasn't already been determined). I've used the keyinit from the skey-2.2 rpm to setup the keydb. However, the sequence number that pam_skey is asking for (98) is not the current sequence number in /etc/skeykeys (99). Also, the "pam_skey login attempt" message is not logged until after I've attempted a login (following the usual "login:") prompts. Interestingly, the unix password for the user does _not_ work at that "login:" prompt. After the failed login, the skey login attempt is logged to syslog. None of the skey passwords work at that "password:" prompt either, the secret or the one-time. It seems to me that another auth module is still being used prior to my skey module - explaining the lack of the "s/key login:" prompt? However, this intervening module is not actually correctly authenticating. I know sshd is compiled pam aware. Perms on the necessary files are 644 (/etc/pam.d/sshd, /etc/skeykeys). Can someone tell me what I'm doing incorrectly?
