There's no way today to get myproxy-logon to prompt separately for a passphrase and a PAM password. If that's the behavior you require, please submit a feature request:
https://bugzilla.mcs.anl.gov/globus/enter_bug.cgi?product=MyProxy On 4/20/11 1:38 PM, Lukasz Lacinski wrote: > But then private keys are stored unencrypted what does not fulfill > security requirements/concerns of some institutions. > > Lukasz > > On 4/20/11 12:31 PM, Jim Basney wrote: >> Use 'myproxy-init -n' to store the proxy, then myproxy-logon will >> require PAM/OTP but not a credential passphrase. >> >> On 4/20/11 1:29 PM, Lukasz Lacinski wrote: >>> Hi, >>> >>> Is any way to force MyProxy to work with PAM required and OTP? >>> When using myproxy-init to store my proxy credential I have to supply a >>> passphrase to encrypt a private key. Then using myproxy-logon to obtain >>> a new proxy credential I have to supply that passphrase to decrypt the >>> private key. Because of the way PAM support is implemented in MyProxy, >>> the passphrase is used to authenticate against PAM which expects a >>> current OTP from my CryptoCard. The PAM authentication fails. >>> How to use myproxy-init and myproxy-logon with MyProxy server using PAM >>> and OTP? >>> >>> Redards, >>> Lukasz
