[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [OATH-toolkit-help] pam_oath with openssh problem
From: |
Simon Josefsson |
Subject: |
Re: [OATH-toolkit-help] pam_oath with openssh problem |
Date: |
Thu, 20 Jan 2011 21:55:59 +0100 |
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/23.2 (gnu/linux) |
Michael Stevens <address@hidden> writes:
> On Thu, Jan 20, 2011 at 09:39:08PM +0100, Simon Josefsson wrote:
>> Have you succeeded in setting it up? Describing how to configure
>> OpenSSH/PAM for one/two-factor OATH would be really nice.
>
> I'm planning to blog about this when less tired, but rough summary:
Very nice! I look forward to seeing this described in more detail.
> If there's a ssh authorized_key it seems to override password
> authenticate totally. Ideally I'd like to combine ssh keys AND OTP, but
> I haven't worked out that setup yet.
Right, if OpenSSH is using 'publickey' there is no PAM involvement at
all. Or, well, it probably does session management via PAM, but not
authentication. I would also like to see both publickey + OTP. I don't
recall if this is a protocol limitation -- can the SECSH protocol use
multiple authentication methods at all?
/Simon