Bug #16781
closed
webshell PAM should send "password:" or "token:" prompt
Description
This should send a prompt so that webshell javascript can wait for it and send the token at the right time.
Related issues
Updated by Peter Amstutz over 3 years ago
- Related to Bug #16773: webshell sends token too early added
Updated by Peter Amstutz over 3 years ago
- Priority changed from Normal to Low
- Assigned To deleted (
Peter Amstutz) - Status changed from New to Closed
- Category deleted (
Login)
The golang PAM does this already
Updated by Tom Clegg over 3 years ago
Our config examples for the Python-based PAM module (in the package and on the install doc page) used to have the "noprompt" option. Without that, it would prompt "Arvados API token: ".
Instead of pam_conv() the new Go-based PAM module uses pam_get_authtok(...,NULL) which "uses pre-defined prompts". https://man7.org/linux/man-pages/man3/pam_get_authtok.3.html
Updated by Peter Amstutz over 3 years ago
Tom Clegg wrote:
Our config examples for the Python-based PAM module (in the package and on the install doc page) used to have the "noprompt" option. Without that, it would prompt
"Arvados API token: ".Instead of pam_conv() the new Go-based PAM module uses
pam_get_authtok(...,NULL)which "uses pre-defined prompts". https://man7.org/linux/man-pages/man3/pam_get_authtok.3.html
I updated the workbench webshell javascript integration to wait for "assword:" as the trigger to send the authentication token. Do we need to document that?