The name 'ChallengeResponseAuthentication' is a bit confusing to me; what
it really enables is an enhanced version of the ssh auth protocol that
allows multiple prompts to be sent from the server. In particular, when
using PAM, it allows the PAM module's text prompt to be seen on the ssh
client. When ChallengeResponseAuthentication is disabled, the text prompt
from the PAM module is ignored and only a single username/password
combination may be used.
ChallengeResponseAuthentication would let you use multiple prompts e.g.
such as those required for hardware tokens.
It also requires that the ssh client supports SSH protocol 2.
-Chris
[EMAIL PROTECTED]
On Fri, 6 Apr 2007, Jason Edgecombe wrote:
I have a generic RHEL5 machine here, running the standard Red Hat sshd
config (which disables ChallengeResponseAuthentication) and pam_krb5 works
out of the box.
Yes, it's enabled.
I disabled ChallengeResponse and now use_shmem isn't needed. Thanks!
Jason
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
