Re: deploying pam-opie?
On Sun, May 19, 2002 at 11:46:10PM -0400, Bradley Alexander wrote:
> Hey all,
> I'm trying to get pam-opie working with openssh, but I guess I'm not
> getting the hang of it. I think I have all of the packages installed:
> [storm@defiant storm]$ dpkg -l | grep opie
> ii libpam-opie 0.21-7 Use OTP's for PAM authentication
> ii opie-client 2.32-8.1 OPIE programs for generating OTPs on
> ii opie-server 2.32-8.1 OPIE programs for maintaining an OTP
> key fil
> I added
(I assume you mean to /etc/pam.d/ssh)
> password required pam_opie.so
> password required pam_unix.so
> but when I log in as a user without a key, I get the standard Password:
> prompt rather than an opie prompt.
The 'password' lines in PAM configuration files are for password
changing service. If you want to use pam_opie to authenticate, you want
something like this:
auth sufficient pam_opie.so
auth required pam_unix.so
pam_opie is marked sufficient, so that if it succeeds, the system
dosen't also try to use unix authentication.
Also, make sure that PAMAuthenticationViaKbdInt is enabled in your sshd
William Aoki email@example.com /"\ ASCII Ribbon Campaign
B1FB C169 C7A6 238B 280B <- key change \ / No HTML in mail or news!
99AF A093 29AE 0AE1 9734 prev. expired X
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com