a little more help w/ pam_skey.so and openssh pls!



Hi All,

With help of some here, I managed to locate and install a version 
of PAM w/ the pam_skey.so module (thanks to the folks at the PLD linux distro).

I'm a bit new to pam (yup, I've read through the docs), but am fairly
certain I'm having a config problem here.. some advice would be much
appreciated.

I've created a nice and simple /etc/pam.d/sshd file:

#%PAM-1.0
auth required /lib/security/pam_skey.so debug

I know the module is at least partially being used, because I see skey
messages in my syslog file matching the pam_skey.so log facility and severity
(AUTHPRIV.DEBUG):

sshd[26843]: pam_skey login attempt for 'testuser'

This output all matches the notification string in pam_skey.c, so I know that's
where the msg is being generated.
However, when I connect w/ my ssh client, I see the usual "login:" and 
"password:" prompts - not "s/key login:", which I would expect to see from
my reading of pam_skey.c (as long as the username hasn't already been
determined).

I've used the keyinit from the skey-2.2 rpm to set up the keydb.  However, the
sequence number that pam_skey is asking for (98) is not the current sequence
number in /etc/skeykeys (99).

Also, the "pam_skey login attempt" message is not logged until after I've 
attempted a login (following the usual "login:" prompts).
Interestingly, the unix password for the user does _not_ work at that "login:"
prompt.  After the failed login, the skey login attempt is logged to syslog.
None of the skey passwords work at that "password:" prompt either, the 
secret or the one-time.

It seems to me that another auth module is still being used prior to my
skey module - explaining the lack of the "s/key login:" prompt?  However,
this intervening module is not actually correctly authenticating.

I know sshd is compiled pam aware.
Perms on the necessary files are 644 (/etc/pam.d/sshd, /etc/skeykeys).

Can someone tell me what I'm doing incorrectly?
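
Added example, not part of the original post and not code from pam_skey or the skey package: a sketch of the RFC 1760 hash-chain check, assuming the server stores the last accepted value together with its count and challenges for the count below it, which is how a stored 99 and a challenge of 98 can coexist. SHA-256 truncated to 64 bits stands in for the MD4 fold, and the record layout, function names, secret and seed are constructed for illustration.

```python
import hashlib
import hmac


def f(block: bytes) -> bytes:
    # Stand-in one-way step (assumption): SHA-256 cut to 64 bits, not real MD4.
    return hashlib.sha256(block).digest()[:8]


def otp(secret: bytes, seed: bytes, n: int) -> bytes:
    # One-time password number n: the initial step, then n further hashes.
    value = f(seed + secret)
    for _ in range(n):
        value = f(value)
    return value


def keyinit(secret: bytes, seed: bytes, count: int = 99) -> dict:
    # The server never keeps the secret, only the top of the chain.
    return {"n": count, "seed": seed, "last": otp(secret, seed, count)}


def challenge(rec: dict) -> tuple:
    # The client is asked for the value one step below the stored one.
    return rec["n"] - 1, rec["seed"]


def verify(rec: dict, response: bytes) -> bool:
    if rec["n"] < 1:
        return False  # chain exhausted, keyinit must be run again
    if not hmac.compare_digest(f(response), rec["last"]):
        return False  # record is left untouched on failure
    rec["last"] = response  # accepted value becomes the new stored value
    rec["n"] -= 1
    return True


def demo() -> tuple:
    secret, seed = b"constructed secret", b"te12345"  # constructed sample values
    rec = keyinit(secret, seed)
    n, _ = challenge(rec)
    wrong = verify(rec, otp(secret, seed, rec["n"]))  # OTP for the stored count
    ok = verify(rec, otp(secret, seed, n))            # OTP for the challenge
    replay = verify(rec, otp(secret, seed, n))        # same OTP a second time
    return n, wrong, ok, replay, challenge(rec)[0]


if __name__ == "__main__":
    print(demo())
```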
