[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

pam_opie one-time password module problem



Is anyone out there using version 0.21 of Andy Berkheimer's pam_opie
module? I am, or at
least I'm trying to. I would like to use it as part of my ssh login
sequence when I do remote logins. The problem I'm having is that the
sequence number and seed are appearing on my screen only after I do a
successful password login. Even if I deliberately enter a bogus password

the first time, a second password prompt appears and not the opie
sequence and seed values. I'm using openssh 3.3 with
'ChallengeResponseAuthentication'  and 'PAMAuthenticationViaKbdInt' both
set to yes in the sshd_config file.
Anyone have any ideas on what's causing this?

Here is my sshd pam file.

#%PAM-1.0
auth       sufficient   /lib/security/pam_opie.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth

System-auth looks like this.

#%PAM-1.0
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        required      /lib/security/pam_deny.so
account     required      /lib/security/pam_unix.so
password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok
md5 shadow
password    required      /lib/security/pam_deny.so
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so


I'm running Mandrake 8.2 if that helps.

Andrew





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []