In article <1131664891.203835.233530@g14g2000cwa.googlegroups. com>
jsahiwal@gmail.com writes:

> I have setup a solaris 9 box with openssh-3.9.1 with RSA.

I assume you mean RSA the company (e.g. its SecurID stuff) rather than
RSA the crypto algorithm.

> My problem
>is this, i am trying to mimic the behavior of ssh prompt with pam just
> the way it works without pam. This is what i have without pam,
>once i try ssh into the box and put wrong passcode the first time , it
>prompts me to put passcode again
>
>ssh -l name machinename
>PASSCODE-[wrong input]
>next prompt
>PASSCODE
>
>but once i enable pam, the prompt i get is
>ssh -l name machinename
>PASSCODE-[wrong input]
>password:

This would seem to be an issue with your PAM setup - if your PAM module
should reprompt, it should be handled within PAM. The application (i.e.
sshd in this case) will normally (always?) call PAM only once - if it
gets a failure reply from PAM, that's it. (Of course ssh(d) may use
non-PAM-based authentication methods too.)

One possibility is that the above is the result of your PAM config being
set up to cycle through both your "RSA" module and the standard "pam_unix"
one, and the latter doing its own prompting rather than using the
password already given - though I would expect a prompt of "Password:"
rather than "password:" in that case.

--Per Hedeland
per@hedeland.org