
Re: Why doesn't pam_set_data() work with ssh?



> This module uses pam_set_data() function to save status information for
> next login attempts. With login application it works fine, but with
> ssh application it doesn't work.

"ssh" means OpenSSH, right? Afaik, OpenSSH runs PAM authentication in a
standalone process forked off the master process (monitor). The process is
started before every authentication attempt and exits after it. Any
changes made to PAM data during the first attempt are lost before the
next attempt.

You can use some external (out-of-process) storage to store tokens. Or you
can modify your module to be able to send and receive token during a
single authentication attempt (using keyboard-interactive authentication
method). Or you can hack OpenSSH to preserve PAM state between attempts
(doable but quite tricky imho).


Thanks Pavel. I'm thinking about sqlite to save module status
information, when a user attempts to log in through ssh. Do you have any
other idea to save that data?

Regards,

--
Federico
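
The effect described in the reply above, as an added example that is not part of the original messages and is not OpenSSH or Linux-PAM code: each attempt runs in a forked child, so an in-memory counter (standing in for `pam_set_data()` state) never survives, while a locked per-user file does. The function names, the state-directory layout and the plain file used in place of sqlite are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/file.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stands in for data saved with pam_set_data(): lives in one process only. */
static int in_process_attempts = 0;

/* User names come from the network: allow only a conservative character set. */
static int safe_name(const char *u) {
    size_t n = strspn(u, "abcdefghijklmnopqrstuvwxyz0123456789_-");
    return n > 0 && n <= 32 && u[n] == '\0';
}

/* Increment and return the counter in dir/user (hypothetical layout; dir is
   assumed root-owned, mode 0700). Returns -1 on error. */
int record_attempt(const char *dir, const char *user) {
    char path[512];
    int n = 0, fd;
    if (!safe_name(user)) return -1;
    if (snprintf(path, sizeof path, "%s/%s", dir, user) >= (int)sizeof path) return -1;
    fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return -1;
    if (flock(fd, LOCK_EX) < 0) { close(fd); return -1; }  /* serialize parallel logins */
    if (pread(fd, &n, sizeof n, 0) != (ssize_t)sizeof n) n = 0;  /* new file */
    n++;
    if (pwrite(fd, &n, sizeof n, 0) != (ssize_t)sizeof n) n = -1;
    close(fd);  /* also drops the lock */
    return n;
}

/* One authentication attempt in a short-lived child, as in the reply above.
   The exit status carries the count back for this demo only (1..254). */
int attempt_in_child(const char *dir, const char *user) {
    int st, n;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        in_process_attempts++;  /* changes the child's copy; gone at _exit */
        n = record_attempt(dir, user);
        _exit(n < 1 || n > 254 ? 255 : n);
    }
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) == 255) return -1;
    return WEXITSTATUS(st);
}
```

A real module would keep this state in a directory only root can write, since the module runs with root privileges and the file name is derived from a user-supplied login name.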

