Hi, I'm developing an authentication service module for PAM. This module sends a token to a mobile to authenticate a user. The module prompts "Token:" and expects the user to enter the token sended. If the token is valid, the user is authenticated. The token expires after some seconds. This module uses pam_set_data() function to save satus information for next login attempts. With login application it works fine, but with ssh application it doesn't work. For instance, the login asks the user: the user name, password and the token. The user enters all that. The token is saved with pam_set_data(), so if the user enters an invalid token, the next login attempt, the service module won't generate a new token. The user has three opportunities before it generates a new token. With login this works fine, but with ssh pam_set_data() it doesn't work and I don't know the reason. I show a bit of a log below: (*) A correct operation with login: 1) 1st login attempt: I enter the correct password and an invalid token: login: DEBUG: VAR_OTP isn't registered --> pam_get_data() login: DEBUG: VAR_OTP is registered, value=8987 --> pam_set_data() login: INFO: otp invalid. 2) 2nd login attempt: I just enter the token 8987, generated in the fisrt login attempt (the module doesn't generate a new token): login: DEBUG: VAR_OTP is registered --> pam_get_data() login: DEBUG: otp was entried ok. login: DEBUG: user passed. (*) A bad operation with ssh: 1) 1st login attempt: I enter the correct password and an invalid token: ssh: DEBUG: VAR_OTP isn't registered --> pam_get_data() ssh: DEBUG: VAR_OTP is registered, value=4506 --> pam_set_data() ssh: INFO: otp invalid. 2) 2nd login attempt: I should enter only the token 4506 (the module shouldn't generate a new token): ssh: DEBUG: VAR_OTP isn't registered --> pam_get_data() ssh: DEBUG: VAR_OTP is registered, value=2482 --> pam_set_data() ssh: DEBUG: otp was entried ok. ssh: DEBUG: user passed. Any comment or suggestion is wellcomed. Thanks in advance. -- Federico _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
