Re: multiple password prompts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Wed, Jun 8, 2011 at 2:17 AM, Nick Owen <nowen@xxxxxxxxxxxxxxxx> wrote:
> Greetings:
> I am trying to find out if it is possible to have PAM prompt for
> two-passwords, once for a kerberos request to AD and a second to an
> OTP server via pam-radius on Redhat/centos. Setting both as required
> results in :
> Jun  7 12:09:15 localhost sshd[25196]: debug1: userauth-request for
> user nowen service ssh-connection method password

Yes but you can't use ssh password authentication (a single simple
password), instead you need to use keyboard-interactive.

With an openssh you can test this on the client side with "ssh -o
preferredauthentications=keyboard-interactive yourserver", and you can
configure the server with "PasswordAuthentication no",
"ChallengeResponseAuthentication yes" and
"KbdInteractiveAuthentication yes".  This will probably only work with
ssh Protocol 2.

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Pam-list mailing list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux