- jmc@cvs.openbsd.org 2005/03/16 11:10:38

[openssh.git] / auth-chall.c

diff --git a/auth-chall.c b/auth-chall.c
index dd55d6eb060ea2d9e494606be8b549d3229a98b6..e4f783096cdf971cf227dd62d0d56c53d53c9dea 100644 (file)
--- a/auth-chall.c
+++ b/auth-chall.c
@@ -28,11 +28,13 @@ RCSID("$OpenBSD: auth-chall.c,v 1.9 2003/11/03 09:03:37 djm Exp $");
 #include "auth.h"
 #include "log.h"
 #include "xmalloc.h"
+#include "servconf.h"
 
 /* limited protocol v1 interface to kbd-interactive authentication */
 
 extern KbdintDevice *devices[];
 static KbdintDevice *device;
+extern ServerOptions options;
 
 char *
 get_challenge(Authctxt *authctxt)
@@ -41,6 +43,11 @@ get_challenge(Authctxt *authctxt)
        u_int i, numprompts;
        u_int *echo_on;
 
+#ifdef USE_PAM
+       if (!options.use_pam)
+               remove_kbdint_device("pam");
+#endif
+
        device = devices[0]; /* we always use the 1st device for protocol 1 */
        if (device == NULL)
                return NULL;
@@ -84,7 +91,7 @@ verify_response(Authctxt *authctxt, const char *response)
                if ((device->query(authctxt->kbdintctxt, &name, &info,
                    &numprompts, &prompts, &echo_on)) != 0)
                        break;
-               if (numprompts == 0 && 
+               if (numprompts == 0 &&
                    device->respond(authctxt->kbdintctxt, 0, resp) == 0)
                        authenticated = 1;