[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Additional input (second password) during login

Hi Lucas,

> I figured this out already. But as I understand PAM puts the credentials
> in a store for all modules to read from. Where should I do the input of
> the second password - in my own module ?

if you think about local authentication (instead of ssh/sshd) you would
use the communication function to provide a second password prompt to the
user and get his response. I did this some time ago for an AFS
authentication module.

> I considered something like
> 1. inputting the combined password <normalpw><onetimepw> to the login
> promt
> 2. let my onetime password routing kick in first and if remote is on an
> external net verifying <onetimepw>.
>    If ok modify the stored pw by stripping of the onetime part
> 3. let the normal auth verify the rest.

That should work. A problem might be a length restriction on the password
in the communication between ssh and sshd. I don't know what a safe length
would be.


  Tobias Schaefer				Phone	07071-9457-0
  science + computing ag			FAX	07071-9457-27
  Hagellocher Weg 71-75
  D-72070 Tuebingen     Email: T Schaefer science-computing de
        WWW:  http://www.science-computing.de/

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]