- (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from
the list of available kbdint devices if UsePAM=no. ok djm@
diff --git a/auth-chall.c b/auth-chall.c
index a9d314d..e4f7830 100644
--- a/auth-chall.c
+++ b/auth-chall.c
@@ -28,11 +28,13 @@
#include "auth.h"
#include "log.h"
#include "xmalloc.h"
+#include "servconf.h"
/* limited protocol v1 interface to kbd-interactive authentication */
extern KbdintDevice *devices[];
static KbdintDevice *device;
+extern ServerOptions options;
char *
get_challenge(Authctxt *authctxt)
@@ -41,6 +43,11 @@
u_int i, numprompts;
u_int *echo_on;
+#ifdef USE_PAM
+ if (!options.use_pam)
+ remove_kbdint_device("pam");
+#endif
+
device = devices[0]; /* we always use the 1st device for protocol 1 */
if (device == NULL)
return NULL;