[354] in athena10
Re: update_server and remote access
daemon@ATHENA.MIT.EDU (Quentin Smith)
Fri Aug 1 12:20:25 2008
Date: Fri, 1 Aug 2008 12:19:35 -0400 (EDT)
From: Quentin Smith <quentin@MIT.EDU>
To: Timothy G Abbott <tabbott@mit.edu>
cc: Jonathan Reed <jdreed@mit.edu>, athena10@mit.edu
In-Reply-To: <alpine.DEB.1.10.0808011151340.17281@vinegar-pot.mit.edu>
Message-ID: <Pine.LNX.4.64L.0808011219100.11949@vinegar-pot.mit.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Is it possible that the ssh server has "PasswordAuthentication yes", so
the SSH server is first prompting for a password, and then falling through
to PAM authentication?
--Quentin
On Fri, 1 Aug 2008, Timothy G Abbott wrote:
> On Fri, 1 Aug 2008, Jonathan Reed wrote:
>
>> - When I ssh to an Athena 10 machine, ssh first prompts for "Password:".
>> If I (accidentally, for example) simply hit Return, it then prompts for
>> "Password for jdreed@ATHENA.MIT.EDU:" Presumably that's a result of PAM
>> stacking, but it's a weird and potentially confusing behavior, especially
>> since the first prompt will happily accept the user's Kerberos password.
>> It's a minor thing, but is there any way around that?
>
> The use_first_pass option to pam_krb5 (which we use) is supposed to do this
> (see pam_krb5(5) for details), but it does seem it behaves as desired.
>
> -Tim Abbott
>
>
>
