On Wed, Jun 8, 2011 at 2:17 AM, Nick Owen <nowen@xxxxxxxxxxxxxxxx> wrote:
> Greetings:
>
> I am trying to find out if it is possible to have PAM prompt for
> two-passwords, once for a kerberos request to AD and a second to an
> OTP server via pam-radius on Redhat/centos. Setting both as required
> results in :
>
> Jun 7 12:09:15 localhost sshd[25196]: debug1: userauth-request for
> user nowen service ssh-connection method password

Yes but you can't use ssh password authentication (a single simple
password), instead you need to use keyboard-interactive.

With an openssh you can test this on the client side with
"ssh -o preferredauthentications=keyboard-interactive yourserver",
and you can configure the server with "PasswordAuthentication no",
"ChallengeResponseAuthentication yes" and
"KbdInteractiveAuthentication yes". This will probably only work with
ssh Protocol 2.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
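
A check for the server-side settings named in the reply above, as an added example that is not part of the original message or of OpenSSH. The UsePAM check, the function names and both sample configurations are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit sshd_config for keyboard-interactive PAM prompts.

# Print the value sshd would use for keyword $2 in file $1: keywords are
# case-insensitive and the first occurrence wins. Only the global section
# (before any Match block) and the whitespace-separated form are handled.
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ || NF < 2 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# Compare file $1 with the values named in the reply, plus UsePAM yes
# (an assumption added here: sshd must have its PAM interface enabled).
# Unset keywords count as findings; defaults are not modelled. Returns the count.
audit_sshd() {
    findings=0
    for pair in PasswordAuthentication=no ChallengeResponseAuthentication=yes \
                KbdInteractiveAuthentication=yes UsePAM=yes; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(effective_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok   $key $got"
        else
            echo "FIX  $key is '${got:-unset}', want '$want'"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: password auth on, a shadowed duplicate, a Match-only setting.
sample_before() {
    printf '%s\n' '# constructed sample' 'PasswordAuthentication yes' \
        'challengeresponseauthentication no' 'ChallengeResponseAuthentication yes' \
        'UsePAM yes' 'Match User backup' '    KbdInteractiveAuthentication yes'
}
# Constructed sample with the settings from the reply applied globally.
sample_after() {
    printf '%s\n' 'PasswordAuthentication no' 'ChallengeResponseAuthentication yes' \
        'KbdInteractiveAuthentication yes' 'UsePAM yes'
}

tmp=$(mktemp)
sample_before > "$tmp"; audit_sshd "$tmp" || echo "findings: $?"
sample_after  > "$tmp"; audit_sshd "$tmp" && echo "no findings"
rm -f "$tmp"
```

The first sample shows why reading only the last matching line misleads: the earlier lowercase "no" is the value that takes effect, and the setting inside the Match block does not apply globally.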