> > I wonder if it's possible to fiddle with PAM to allow for conditional
> > input of an additional password. I would e.g. like ssh login to do an
> > extra prompt for an one time password if the user logs in from a
> > non-internal network.
>
> Hi,
>
> Sure, one just needs to configure pam.conf (or app.conf) to use other modules
> of authentication as well, such as:
It's not that easy: In case of ssh you configure pam for sshd on the
server machine. But you communicate the password to the client program
ssh. Since there is no generic communication mechanism between client and
server you cannot present arbitrary questions to the user. You are
constrained by the ssh-protocol between client and server. And that does
allow for one password.
Tobias
--
Tobias Schaefer Phone 07071-9457-0
science + computing ag FAX 07071-9457-27
Hagellocher Weg 71-75
D-72070 Tuebingen Email: T.Schaefer@xxxxxxxxxxxxxxxxxxxx
WWW: http://www.science-computing.de/
_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
