Index: auth-chall.c =================================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-chall.c,v retrieving revision 1.14 --- auth-chall.c +++ auth-chall.c @@ -28,11 +28,13 @@ RCSID("$OpenBSD: auth-chall.c,v 1.9 2003 #include "auth.h" #include "log.h" #include "xmalloc.h" +#include "servconf.h" /* limited protocol v1 interface to kbd-interactive authentication */ extern KbdintDevice *devices[]; static KbdintDevice *device; +extern ServerOptions options; char * get_challenge(Authctxt *authctxt) @@ -40,6 +42,11 @@ get_challenge(Authctxt *authctxt) char *challenge, *name, *info, **prompts; u_int i, numprompts; u_int *echo_on; + +#ifdef USE_PAM + if (!options.use_pam) + remove_kbdint_device("pam"); +#endif device = devices[0]; /* we always use the 1st device for protocol 1 */ if (device == NULL) Index: auth.h =================================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth.h,v retrieving revision 1.63 --- auth.h +++ auth.h @@ -130,6 +130,8 @@ int auth_shadow_pwexpired(Authctxt *); #endif #include "auth-pam.h" +void remove_kbdint_device(const char *); + void disable_forwarding(void); void do_authentication(Authctxt *); Index: auth2-chall.c =================================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth2-chall.c,v retrieving revision 1.23 --- auth2-chall.c +++ auth2-chall.c @@ -32,6 +32,10 @@ RCSID("$OpenBSD: auth2-chall.c,v 1.21 20 #include "xmalloc.h" #include "dispatch.h" #include "log.h" +#include "servconf.h" + +/* import */ +extern ServerOptions options; static int auth2_challenge_start(Authctxt *); static int send_userauth_info_request(Authctxt *); @@ -71,12 +75,32 @@ struct KbdintAuthctxt u_int nreq; }; +#ifdef USE_PAM +void +remove_kbdint_device(const char *devname) +{ + int i, j; + + for (i = 0; devices[i] != NULL; i++) + if (strcmp(devices[i]->name, devname) == 0) { + for (j = i; devices[j] != NULL; j++) + devices[j] = devices[j+1]; + i--; + } +} +#endif + static KbdintAuthctxt * kbdint_alloc(const char *devs) { KbdintAuthctxt *kbdintctxt; Buffer b; int i; + +#ifdef USE_PAM + if (!options.use_pam) + remove_kbdint_device("pam"); +#endif kbdintctxt = xmalloc(sizeof(KbdintAuthctxt)); if (strcmp(devs, "") == 0) {