Why doesn't pam_prompt() function work with ssh?

federikkom federikkom at yahoo.com.ar
Mon Dec 4 03:27:42 UTC 2006 

Hi,

I'm developing an authentication service module for PAM.
This module sends a token to a mobile to authenticate a
user.

The module prompts "Token:" and expects the user to enter
the token sended. If the token is valid, the user is
authenticated. The token expires after some seconds.

With login and su application it works fine, but with ssh
it doesn't work. However, ssh is compiled and configured
with PAM.


/etc/ssh/ssh_config

...

PasswordAuthentication no
UsePAM yes

...


/etc/pam.d/ssh

# PAM configuration for the Secure Shell service

# Read environment variables from /etc/environment and
# /etc/security/pam_env.conf.
auth       required     pam_env.so # [1]

# Standard Un*x authentication.
@include common-auth

# MY MODULE
auth   requisite /home/.../pam_smsauth/pam_smsauth.so.1

# Standard Un*x authorization.
@include common-account

# Standard Un*x session setup and teardown.
@include common-session

...


When you use the login application to enter to the system,
you can see this:

loing: user
password:
Token:

If the user puts the correct data, it is authenticated.

With login application works the same way:

$ su user
password:
Token:

But with ssh I haven't been able to prompt the word
"Token:" to get the string that the user writes. I'm using
the pam_prompt() function to display it.


root at gasherbrum:~# ssh -c 3des root at manaslu
root at manaslu's password:
Permission denied, please try again.
root at manaslu's password:


After I enter the correct password it asks me again to
enter the password, instead of displaying "Token:".

I don't understand why it doesn't work with ssh.

pam_otpauth.c

...

char *otp_get(pam_handle_t *pamh) {
        char *resp = NULL;
        pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, 
                     &resp, "Token: ");
        return resp;
}

...

Any comment or suggestion is wellcomed.
Thanks in advance,


--
Federico

__________________________________________________
Correo Yahoo!
Espacio para todos tus mensajes, antivirus y antispam ¡gratis! 
¡Abrí tu cuenta ya! - http://correo.yahoo.com.ar

More information about the Pam-list mailing list