
RE: Additional input (second password) during login



Tobias, please see my answer to Lucas; is that viable?
___

Thanks Lucas

I figured this out already. But as I understand it, PAM puts the credentials
in a store for all modules to read from. Where should I do the input of
the second password - in my own module?

I considered something like 

1. inputting the combined password <normalpw><onetimepw> to the login
prompt 
2. let my onetime password routine kick in first and if remote is on an
external net verifying <onetimepw>. 
   If ok modify the stored pw by stripping off the onetime part 
3. let the normal auth verify the rest.
___

mvh
Claus Bruun
 


-----Original Message-----
From: pam-list-admin redhat com [mailto:pam-list-admin redhat com] On
Behalf Of Tobias Schaefer
Sent: 9. december 2003 10:54
To: pam-list redhat com
Subject: Re: Additional input (second password) during login


> > I wonder if it's possible to fiddle with PAM to allow for 
> > conditional input of an additional password. I would e.g. like ssh 
> > login to do an extra prompt for a one-time password if the user 
> > logs in from a non-internal network.
>
> Hi,
>
> Sure, one just needs to configure pam.conf (or app.conf) to use other 
> modules of authentication as well, such as:

It's not that easy: In case of ssh you configure pam for sshd on the
server machine. But you communicate the password to the client program
ssh. Since there is no generic communication mechanism between client
and server you cannot present arbitrary questions to the user. You are
constrained by the ssh-protocol between client and server. And that does
allow for one password.


Tobias
-- 

  Tobias Schaefer				Phone	07071-9457-0
  science + computing ag			FAX	07071-9457-27
  Hagellocher Weg 71-75
  D-72070 Tuebingen     Email: T Schaefer science-computing de
        WWW:  http://www.science-computing.de/


_______________________________________________
Pam-list mailing list
Pam-list redhat com https://www.redhat.com/mailman/listinfo/pam-list
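
The three-step scheme proposed in the reply above, which stays within a single password prompt, sketched in C as an added example (not code from any poster or from Linux-PAM). The function names, the fixed 6-digit OTP length, the 10.0.0.0/8 definition of "internal" and the demo verifier are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <string.h>

#define OTP_LEN 6  /* assumption: fixed-length numeric one-time password */

/* Assumption: "internal" means 10.0.0.0/8. A missing or unparseable
 * remote host is treated as external, so the check fails closed. */
int is_internal(const char *rhost)
{
    struct in_addr a;
    if (rhost == NULL || inet_pton(AF_INET, rhost, &a) != 1)
        return 0;
    return (ntohl(a.s_addr) >> 24) == 10;
}

/* Constructed stand-in for a real OTP backend: accepts only "123456". */
int demo_verify_otp(const char *otp)
{
    return strcmp(otp, "123456") == 0;
}

/*
 * Steps 2 and 3 of the proposal. authtok is a writable copy of the typed
 * token (<normalpw><onetimepw>). Returns 0 when the next module may verify
 * authtok as the normal password, -1 when the login must be refused.
 * In a PAM module the inputs would come from pam_get_item() (PAM_RHOST,
 * PAM_AUTHTOK) and the stripped token would be stored with pam_set_item()
 * so that a later module reusing the stored token sees only <normalpw>.
 */
int strip_and_check_otp(const char *rhost, char *authtok,
                        int (*verify)(const char *))
{
    char otp[OTP_LEN + 1];
    size_t len, i;

    if (authtok == NULL)
        return -1;
    if (is_internal(rhost))
        return 0;                 /* internal: token is the plain password */
    len = strlen(authtok);
    if (len <= OTP_LEN)           /* need a non-empty password plus the OTP */
        return -1;
    memcpy(otp, authtok + len - OTP_LEN, OTP_LEN + 1);
    for (i = 0; i < OTP_LEN; i++)
        if (!isdigit((unsigned char)otp[i]))
            return -1;
    if (!verify(otp))
        return -1;
    memset(authtok + len - OTP_LEN, 0, OTP_LEN);  /* strip the OTP in place */
    return 0;
}
```

A password that happens to end in digits is left untouched for internal hosts, and the token is only modified after the one-time part has been verified.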



