[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: deploying pam-opie?

On Sun, May 19, 2002 at 11:46:10PM -0400, Bradley Alexander wrote:
> Hey all, 
> I'm trying to get pam-opie working with openssh, but I guess I'm not
> getting the hang of it. I think I have all of the packages installed:
> [storm@defiant storm]$ dpkg -l | grep opie
> ii  libpam-opie    0.21-7         Use OTP's for PAM authentication
> ii  opie-client    2.32-8.1       OPIE programs for generating OTPs on
> client 
> ii  opie-server    2.32-8.1       OPIE programs for maintaining an OTP
> key fil
> I added 

(I assume you mean to /etc/pam.d/ssh)

> password   required     pam_opie.so
> password   required     pam_unix.so
> but when I log in as a user without a key, I get the standard Password:
> prompt rather than an opie prompt.

The 'password' lines in PAM configuration files are for password
changing service. If you want to use pam_opie to authenticate, you want
something like this:

auth sufficient pam_opie.so
auth required pam_unix.so

pam_opie is marked sufficient, so that if it succeeds, the system
dosen't also try to use unix authentication.

Also, make sure that PAMAuthenticationViaKbdInt is enabled in your sshd
config file.

William Aoki     waoki@umnh.utah.edu       /"\  ASCII Ribbon Campaign
B1FB C169 C7A6 238B 280B  <- key change    \ /  No HTML in mail or news!
99AF A093 29AE 0AE1 9734   prev. expired    X
                                           / \

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: