Bug 874

Summary: (Re)Add PAM PasswordAuthentication support
Product: Portable OpenSSH Reporter: Darren Tucker <dtucker>
Component: PAM supportAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED FIXED    
Severity: enhancement    
Priority: P2    
Version: -current   
Hardware: All   
OS: All   
Bug Depends on: 688    
Bug Blocks: 822    
Attachments:
Description Flags
re-add PasswordAuthentication for UsePAM=yes
none
re-add PasswordAuthentication and UsePAM take 2
none
re-add PasswordAuthentication and UsePAM take 3 djm: ok+

Description Darren Tucker 2004-05-28 18:51:52 AEST 
The current PAM code requires clients to authenticate via challenge-response to
actually authenticate via PAM.  sshd should support PasswordAuthentication via
PAM as best it can (which requires a "blind" conversation function, which is not
ideal but is the best that can be done within the limits of PAM and SSH's
password authentication).

This would also work with Kerberos/AFS PAM modules (bug #688).
Comment 1 Darren Tucker 2004-05-28 18:53:03 AEST 
Target next major release.
Comment 2 Darren Tucker 2004-05-28 20:31:18 AEST 
Created attachment 644 [details]
re-add PasswordAuthentication for UsePAM=yes

Works for me, but needs lots of testing and review.
Comment 3 Darren Tucker 2004-05-28 21:42:40 AEST 
Created attachment 645 [details]
re-add PasswordAuthentication and UsePAM take 2

Fix a couple of problems spotted by djm.  Logging of PAM errors was wrong too,
it's been removed for now but will be fixed later.
Comment 4 Darren Tucker 2004-05-28 23:06:48 AEST 
Created attachment 646 [details]
re-add PasswordAuthentication and UsePAM take 3

Fixed logging (debug only, failed password authentications are logged by the
main password code), made reused auth-pam.c code more consistent with current
code, added comments.  Tested OK on Redhat 9 and Solaris 8.
Comment 5 Damien Miller 2004-05-29 12:29:21 AEST 
Comment on attachment 646 [details]
re-add PasswordAuthentication and UsePAM take 3

ok by me
Comment 6 Darren Tucker 2004-05-30 20:53:18 AEST 
Thanks, committed to HEAD.