> Also, the "pam_skey login attempt" message is not logged until after I've > attempted a login (following the usual "login:") prompts. > Interestingly, the unix password for the user does _not_ work at that "login:" > prompt. After the failed login, the skey login attempt is logged to syslog. > None of the skey passwords work at that "password:" prompt either, the > secret or the one-time. > > It seems to me that another auth module is still being used prior to my > skey module - explaining the lack of the "s/key login:" prompt? However, > this intervening module is not actually correctly authenticating. > > I know sshd is compiled pam aware. > Perms on the necessary files are 644 (/etc/pam.d/sshd, /etc/skeykeys). > > Can someone tell me what I'm doing incorrectly? Nothing. The PAM code in OpenSSH isn't complient according to what is right, and always assumes you are asked for a passwd. I've been complaining to the OpenSSH list about this, because I get a lot of questions with this regarding my CryptoCard module. Regards, Igmar
