Bug 1310226 - OpenSSH 7.1p2 with custom PAM module doesn't show the PAM module's prompt
OpenSSH 7.1p2 with custom PAM module doesn't show the PAM module's prompt
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: openssh (Show other bugs)
23
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Jakub Jelen
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-19 14:48 EST by Zoltan Boszormenyi
Modified: 2016-02-22 04:16 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-02-22 04:16:16 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Zoltan Boszormenyi 2016-02-19 14:48:59 EST
Description of problem:

I recently upgraded from Fedora 22 to Fedora 23.
However, the machine needs a custom authentication and for this, we have a custom made PAM module that offers its own login prompt.

With openssh-6.8p1-8 on Fedora 22, the PAM module's own prompt is visible.
With openssh-7.1p2-3 on Fedora 23, this prompt is replaced with ssh's own prompt, with the generated password of the day still works.

Version-Release number of selected component (if applicable):

$ rpm -q openssh
openssh-7.1p2-3.fc23.x86_64

How reproducible:

Always.

Steps to Reproduce:
1.
2.
3.

Actual results:

The custom prompt is replaced with the stock ssh prompt but login is allowed with the PAM module's generated password.

Expected results:

The PAM module's own prompt should be shown when it gets activated during the authentication process.

Additional info:
Comment 1 Tomas Mraz 2016-02-22 03:05:55 EST
Most probably your configuration just changed from keyboard-interactive authentication to regular password authentication which is (and always was) the default on Fedora.

Just verify that you have ChallengeResponseAuthentication set to 'yes' and PasswordAuthentication set to 'no' in the sshd_config.
Comment 2 Zoltan Boszormenyi 2016-02-22 04:15:48 EST
Thank you, these settings helped.

Note You need to log in before you can comment on or make changes to this bug.