Re: multiple password prompts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jun 8, 2011 at 2:17 AM, Nick Owen <nowen@xxxxxxxxxxxxxxxx> wrote:
> Greetings:
>
> I am trying to find out if it is possible to have PAM prompt for
> two-passwords, once for a kerberos request to AD and a second to an
> OTP server via pam-radius on Redhat/centos. Setting both as required
> results in :
>
> Jun  7 12:09:15 localhost sshd[25196]: debug1: userauth-request for
> user nowen service ssh-connection method password

Yes but you can't use ssh password authentication (a single simple
password), instead you need to use keyboard-interactive.

With an openssh you can test this on the client side with "ssh -o
preferredauthentications=keyboard-interactive yourserver", and you can
configure the server with "PasswordAuthentication no",
"ChallengeResponseAuthentication yes" and
"KbdInteractiveAuthentication yes".  This will probably only work with
ssh Protocol 2.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list



[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux