SSHD doesn't allow PAM module to use it's own prompt for password
Kent Wu
kwu at xsigo.com
Thu Apr 27 19:17:21 UTC 2006
Hi guys,
I'm trying to write up my own PAM module to authenticate users
coming in from ssh channel. This module was working pretty well until
lately I wanted to enhance it a bit.
What I tried to achieve is that when the system is in a bad
state (detected by my PAM module), I want to prompt the user for a
special pre-defined password for recovery purpose; the prompt I wanted
is like "system is unstable, pls provide recovery password:". I passed
this message through the pam_conv structure which I got by calling:
pam_get_item(pamh, PAM_CONV, &void_conv);
However this prompt never got showed up in my log-in screen. Here I
specified the msg_stype as either PAM_PROMPT_ECHO_OFF or
PAM_PROMPT_ECHO_ON however none of this works.
So I'm thinking even though PAM has defined this conversation structure
however looks like SSHD doesn't really honor it well enough. Am I
missing something here or is there a workaround for me to achieve what I
want?
Thanks a lot in advance.
-Kent
More information about the Pam-list
mailing list