[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [OATH-toolkit-help] pam_oath with openssh problem

From: Simon Josefsson
Subject: Re: [OATH-toolkit-help] pam_oath with openssh problem
Date: Thu, 20 Jan 2011 21:55:59 +0100
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.2 (gnu/linux)

Michael Stevens <address@hidden> writes:

> On Thu, Jan 20, 2011 at 09:39:08PM +0100, Simon Josefsson wrote:
>> Have you succeeded in setting it up?  Describing how to configure
>> OpenSSH/PAM for one/two-factor OATH would be really nice.
> I'm planning to blog about this when less tired, but rough summary:

Very nice!  I look forward to seeing this described in more detail.

> If there's a ssh authorized_key it seems to override password
> authenticate totally. Ideally I'd like to combine ssh keys AND OTP, but
> I haven't worked out that setup yet.

Right, if OpenSSH is using 'publickey' there is no PAM involvement at
all.  Or, well, it probably does session management via PAM, but not
authentication.  I would also like to see both publickey + OTP.  I don't
recall if this is a protocol limitation -- can the SECSH protocol use
multiple authentication methods at all?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]