OpenSSH 3.7.1p2, password authentication method, and PAM

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

In OpenSSH 3.6.1p1 the password authentication method could call the PAM
auth_pam_password() routine.

The code that calls PAM routines has been replaced in 3.7.1p2 by the
challenge/response module (from FreeBSD, acc. to release notes).  From
what I can gather, the only way to reach PAM authentication is through
the code in auth2-chall.c that uses sshpam_device.  And the only way to
reach the code in auth2-chall.c is using the keyboard interactive method.

Have I missed something here?  Could someone who knows please verify if
I am seeing this correctly.  The key question is:  can I get sshd under 3.7.1p2
to use PAM if I use "password" authentication, or must I use "keyboard
interactive" authentication?  And if password authentication can use PAM,
how? (I don't see how from the source code).

Thanks very much!

Site Timeline