Why doesn't pam_prompt() function work with ssh?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

I'm developing an authentication service module for PAM.
This module sends a token to a mobile to authenticate a
user.

The module prompts "Token:" and expects the user to enter
the token sended. If the token is valid, the user is
authenticated. The token expires after some seconds.

With login and su application it works fine, but with ssh
it doesn't work. However, ssh is compiled and configured
with PAM.


/etc/ssh/ssh_config

...

PasswordAuthentication no
UsePAM yes

...


/etc/pam.d/ssh

# PAM configuration for the Secure Shell service

# Read environment variables from /etc/environment and
# /etc/security/pam_env.conf.
auth       required     pam_env.so # [1]

# Standard Un*x authentication.
@include common-auth

# MY MODULE
auth   requisite /home/.../pam_smsauth/pam_smsauth.so.1

# Standard Un*x authorization.
@include common-account

# Standard Un*x session setup and teardown.
@include common-session

...


When you use the login application to enter to the system,
you can see this:

loing: user
password:
Token:

If the user puts the correct data, it is authenticated.

With login application works the same way:

$ su user
password:
Token:

But with ssh I haven't been able to prompt the word
"Token:" to get the string that the user writes. I'm using
the pam_prompt() function to display it.


root@gasherbrum:~# ssh -c 3des root@manaslu
root@manaslu's password:
Permission denied, please try again.
root@manaslu's password:


After I enter the correct password it asks me again to
enter the password, instead of displaying "Token:".

I don't understand why it doesn't work with ssh.

pam_otpauth.c

...

char *otp_get(pam_handle_t *pamh) {
        char *resp = NULL;
        pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, 
                     &resp, "Token: ");
        return resp;
}

...

Any comment or suggestion is wellcomed.
Thanks in advance,


--
Federico

__________________________________________________
Correo Yahoo!
Espacio para todos tus mensajes, antivirus y antispam ¡gratis! 
¡Abrí tu cuenta ya! - http://correo.yahoo.com.ar

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux