874 – (Re)Add PAM PasswordAuthentication support

Bug 874 - (Re)Add PAM PasswordAuthentication support

Summary: (Re)Add PAM PasswordAuthentication support

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	PAM support (show other bugs)
Version:	-current
Hardware:	All All

Importance:	P2 enhancement
Assignee:	OpenSSH Bugzilla mailing list

URL:
Keywords:

Depends on:	688
Blocks:	822
	Show dependency tree / graph

Reported:	2004-05-28 18:51 AEST by Darren Tucker
Modified:	2004-09-11 13:18 AEST (History)
CC List:	0 users

See Also:

Attachments
re-add PasswordAuthentication for UsePAM=yes (3.91 KB, patch) 2004-05-28 20:31 AEST, Darren Tucker	no flags	Details \| Diff
re-add PasswordAuthentication and UsePAM take 2 (3.69 KB, patch) 2004-05-28 21:42 AEST, Darren Tucker	no flags	Details \| Diff
re-add PasswordAuthentication and UsePAM take 3 (4.31 KB, patch) 2004-05-28 23:06 AEST, Darren Tucker	djm: ok+	Details \| Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Darren Tucker 2004-05-28 18:51:52 AEST

The current PAM code requires clients to authenticate via challenge-response to
actually authenticate via PAM.  sshd should support PasswordAuthentication via
PAM as best it can (which requires a "blind" conversation function, which is not
ideal but is the best that can be done within the limits of PAM and SSH's
password authentication).

This would also work with Kerberos/AFS PAM modules (bug #688).

Comment 1 Darren Tucker 2004-05-28 18:53:03 AEST

Target next major release.

Comment 2 Darren Tucker 2004-05-28 20:31:18 AEST

Created attachment 644 [details]
re-add PasswordAuthentication for UsePAM=yes

Works for me, but needs lots of testing and review.

Comment 3 Darren Tucker 2004-05-28 21:42:40 AEST

Created attachment 645 [details]
re-add PasswordAuthentication and UsePAM take 2

Fix a couple of problems spotted by djm.  Logging of PAM errors was wrong too,
it's been removed for now but will be fixed later.

Comment 4 Darren Tucker 2004-05-28 23:06:48 AEST

Created attachment 646 [details]
re-add PasswordAuthentication and UsePAM take 3

Fixed logging (debug only, failed password authentications are logged by the
main password code), made reused auth-pam.c code more consistent with current
code, added comments.  Tested OK on Redhat 9 and Solaris 8.

Comment 5 Damien Miller 2004-05-29 12:29:21 AEST

Comment on attachment 646 [details]
re-add PasswordAuthentication and UsePAM take 3

ok by me

Comment 6 Darren Tucker 2004-05-30 20:53:18 AEST

Thanks, committed to HEAD.