I'm currently writing a pam which uses an external serfvice to
authenticate users. For this to work, I need to have the clear text
password the user entered at the keyboard. The pam then asks the
external authority, using the login and the password obtained, to
check if the user may login or not.

This works fine for gdm and console login, but fails for ssh.
I've tried several different settings in sshd (PasswordAuthentication

yes/no, ChallengeResponseAuthentication yes/no, UsePAM yes), and ssh
does use my prompt I set in the challenge/response of the pam, but
all I ever get back as password is:

INCORRECT (sometimes in parentheses).

What settings are necessary to get the clear text password? Where is
the pam interaction of ssh (openssh) documented?

I'm using OpenSSH_4.3p2, OpenSSL 0.9.8a 11 Oct 2005 on FC5.

Thanks for any pointers.


Departement Informatik FGB tel +41 (0)61 267 14 66
Universit=E4t Basel fax. +41 (0)61 267 14 61
Robert Frank
Klingelbergstrasse 50 Robert.Frank@unibas.ch
CH-4056 Basel
Switzerland http://=20