I have built a custom PAM module to add MFA.
After entering the password, I have used the pam_prompt() function to display options for MFA and take user input.
That pam_prompt() is returning code 19 (PAM_CONV_ERR) "Conversation Failed" with SSH.
The same function, when used by the UI to display the MFA list, is working fine.
Any ideas?
The same is working on RHEL 8. I am currently using RHEL 9.4.
Code where I am using the pam_prompt function:
```c
int pam_result = pam_prompt(pamh, PAM_PROMPT_ECHO_ON, &p, "%s", prompt);
if (pam_result != PAM_SUCCESS) {
    sprintf(msg, "[ERROR] pam_prompt failed with code: %d", pam_result);
    debug(pamh, msg);
    return pam_result;
}
```
My sshd file on the test machine:
```
#%PAM-1.0
auth       substack     password-auth
auth       include      postlogin
account    required     pam_sepermit.so
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    optional     pam_motd.so
session    include      password-auth
session    include      postlogin
auth       required     pam_otp.so config=/etc/pam_otp.conf use_first_pass
```
Use case:
I install my custom PAM module by adding it at the end of the sshd file: "auth required pam_otp.so". When I SSH in using "ssh username@ip", it prompts for the password. After entering the password, control goes to my PAM module for MFA. Next, it should show the list of MFA options available. For that I have used the above code, which has the pam_prompt() function.
That is giving the above-mentioned error.
This problem has arrived only with RHEL 9. Till 8 it's working fine.