Dropbear and PAM auth.
Matt Johnston
matt at ucc.asn.au
Thu May 31 22:11:04 WST 2012
It should work ok with any module that just prompts for a username and password, which gets mapped to SSH's password authentication mode. It doesn't support more complex challenge/response type modes (which would use SSH's keyboard-interactive mode IIRC). If the username/password prompt doesn't match what's normal, take a look at svr-authpam.c for the comparison strings.
The limitation is because PAM doesn't have a way to use it asynchronously without using threads or subprocesses, at least for most modules and implementations I've seen.
Matt
Avner Flesch <avnerf at web-silicon.com> wrote:
>Hi,
>
>According to the note in options.h file, PAM auth. Support only simple
>modules.
>Is that mean that for example RADIUS authentication can't be supported?
>
>Thanks
>
>Avner
More information about the Dropbear
mailing list