AUTHTOK Retrieval

[Liam Kelly]

Hi,

I am currently unable to retrieve the password string given to my custom PAM module from OpenSSH Server.

I am writing a PAM module in order to allow OpenSSH Server to reference a user database on peripheral hardware. I modeled my code very similarly to `pam_userdb` and tested it initially with the tool in the `simple_pam` repository on GitHub. The `simple_pam` tool worked but OpenSSH Server was not able to retreave the password for comparison. The main difference between the two applications is that ‘simple_pam’ brings up the pam_prompt and sets the AUTHTOK first while OpenSSH only allows for retrieval. I have tried both `pam_get_auth` and   `pam_get_item`, but both return an empty string for the SSH case. Also I get the username just fine from OpenSSH.

`pam_unix` works, so I am really confused as to why I cannot get the AUTHTOK. Do you think it has something to do with the module locks placed on AUTHOKs? Could I be missing a compiler option?

-Liam 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20180209/88223eb2/attachment.htm>