Safeword seems to work perfectly with ssh 3.4(.x). AFAIK the problems started with ssh 3.6 (and later versions still don't work) - that's probably one of the reasons why it is still in Debian's "testing" distribution ... (3.4 is the latest "stable" version)

The problem has been reported to securecomputing and I hope that they work on a fix (since version 1.2 of the solaris-pam-module was released recently, I have some hope that this could happen ...) - fixing every new pam-package/upgrade doesn't seem to be an option for many of us!

If you try to make it work with ssh 3.4 it's quite simple (at least on a Debian system):

- make sure that you can access that machine even if ssh stops working!!! (don't drop your current ssh-session until you are 100% sure that everything works as expected, or login locally to test that you don't need ssh - just in case anything goes wrong)

- copy "pam_safeword.so.1" to "/lib/security"

- edit /etc/pam.d/ssh to meet your needs, for example (only the auth section is shown here!):

      #%PAM-1.0
      auth required pam_nologin.so
      auth required pam_env.so # [1]
      auth sufficient pam_unix.so
      auth required pam_safeword.so.1 try_first_pass
      #auth required pam_safeword.so.1

  (with this configuration you can give a fixed password to certain users and still use safeword for others)

  If you want to use SAFEWORD ONLY then DISABLE the pam_unix.so and the first pam_safeword.so.1 lines and ENABLE the last pam_safeword.so.1 line - I don't know if it would work with only commenting out the pam_unix.so line since I have no idea what happens with the pam-switch "try_first_pass" when there is no pam_unix.so before ...

- copy "pam_safeword.cfg" to the "/etc" directory and edit it to meet your needs

- make sure that the ssh-box and the Safeword-Server can communicate without problems! (firewall rules!)

- restart ssh (just to make sure ...)

HTH,
Alexander

> -----Original Message-----
> From: pam-list-bounces@xxxxxxxxxx [mailto:pam-list-bounces@xxxxxxxxxx] On Behalf Of Darren Tucker
> Sent: Thursday, 03 June 2004 03:08
> To: Pluggable Authentication Modules
> Subject: Re: Setting up Safeword auth with sshd
>
> Henke Larsson wrote:
> > I'm kind of new to pam authentication and I would need some help with
> > setting up Safeword authentication with sshd.
> >
> > Is it enough to edit the /etc/pam.d/sshd file or do I need to change
> > something else? /etc/init.d/system-auth?
>
> If you're referring to SecureComputing pam_safeword.so then that is
> reported to not work with OpenSSH's sshd:
> http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=107784259324428
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.

_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
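
Added example, not part of the original thread and not Safeword or PAM project code: a simplified Python model of how PAM combines the required, requisite and sufficient control flags, run over the auth stack from the message and the Safeword-only variant it describes. It shows that with pam_unix.so marked sufficient, a valid fixed password ends the stack before pam_safeword.so.1 is consulted. The names parse_auth and evaluate are hypothetical, the module results are constructed inputs, and "optional" and [value=action] controls are not modelled.

```python
# Added example (not from the original message): simplified model of how PAM
# combines simple control flags; "optional" and [value=action] are not modelled.
MIXED = """\
#%PAM-1.0
auth required pam_nologin.so
auth required pam_env.so # [1]
auth sufficient pam_unix.so
auth required pam_safeword.so.1 try_first_pass
#auth required pam_safeword.so.1
"""
# Safeword-only variant as the message describes it (comment markers toggled).
SAFEWORD_ONLY = """\
#%PAM-1.0
auth required pam_nologin.so
auth required pam_env.so # [1]
#auth sufficient pam_unix.so
#auth required pam_safeword.so.1 try_first_pass
auth required pam_safeword.so.1
"""


def parse_auth(text):
    """Return [(control, module)] for the active auth lines of a PAM file."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 3 and fields[0] == "auth":
            entries.append((fields[1], fields[2]))
    return entries


def evaluate(entries, results):
    """results maps module name -> True (PAM_SUCCESS) or False (any error).
    Returns (granted, consulted): the verdict and the modules actually run."""
    failed = passed = False
    consulted = []
    for control, module in entries:
        ok = results[module]
        consulted.append(module)
        if control == "sufficient":
            if ok and not failed:
                return True, consulted  # stack ends; later modules are skipped
        elif ok:
            passed = True
        else:
            failed = True  # required failure: keep going, but deny at the end
            if control == "requisite":
                return False, consulted
    return passed and not failed, consulted
```

For review purposes, the interesting case is `evaluate(parse_auth(MIXED), ...)` with pam_unix.so succeeding and pam_safeword.so.1 failing: access is granted and the token module never appears in the consulted list.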