https://bugzilla.mindrot.org/show_bug.cgi?id=2549
Bug ID: 2549
Summary: [PATCH] Allow PAM conversation for pam_setcred for
keyboard-interactive authentication
Product: Portable OpenSSH
Version: 7.1p2
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: enhancement
Priority: P5
Component: PAM support
Assignee: [email protected]
Reporter: [email protected]
Currently OpenSSH runs pam_setcred with 'fake' conversation function
sshpam_store_conv. If some PAM module actually tries to converse for
pam_setcred, sshpam_store_conv fails with PAM_CONV_ERR.
But there are/will be real world PAM modules, that actually need to
converse for pam_setcred. This bugs asks for making that possible for
keyboard-interactive authentication.
Allowing pam_setcred conversation for other user auths (pubkey,
password, hostbased, gssapi-with-mic, ...) would be significantly
harder, because for other auth there is no support from promts and
replies in SSH authentication protocol.
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
