Re: deploying pam-opie?
On Sun, May 19, 2002 at 11:46:10PM -0400, Bradley Alexander wrote:
> Hey all,
>
> I'm trying to get pam-opie working with openssh, but I guess I'm not
> getting the hang of it. I think I have all of the packages installed:
>
> [storm@defiant storm]$ dpkg -l | grep opie
> ii libpam-opie 0.21-7 Use OTP's for PAM authentication
> ii opie-client 2.32-8.1 OPIE programs for generating OTPs on
> client
> ii opie-server 2.32-8.1 OPIE programs for maintaining an OTP
> key fil
>
>
> I added
(I assume you mean to /etc/pam.d/ssh)
> password required pam_opie.so
> password required pam_unix.so
>
> but when I log in as a user without a key, I get the standard Password:
> prompt rather than an opie prompt.
The 'password' lines in PAM configuration files are for password
changing service. If you want to use pam_opie to authenticate, you want
something like this:
auth sufficient pam_opie.so
auth required pam_unix.so
pam_opie is marked sufficient, so that if it succeeds, the system
dosen't also try to use unix authentication.
Also, make sure that PAMAuthenticationViaKbdInt is enabled in your sshd
config file.
--
William Aoki waoki@umnh.utah.edu /"\ ASCII Ribbon Campaign
B1FB C169 C7A6 238B 280B <- key change \ / No HTML in mail or news!
99AF A093 29AE 0AE1 9734 prev. expired X
/ \
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: