gcc -DHAVE_CONFIG_H -I. -I.. -D_FORTIFY_SOURCE=2 -fpic -Wall -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -c -o pam_sshauth_so-auth_funcs.o `test -f 'auth_funcs.c' || echo './'`auth_funcs.c
auth_funcs.c:40:0: warning: "SSH_AUTH_METHOD_PUBLICKEY" redefined
#define SSH_AUTH_METHOD_PUBLICKEY 3
^
In file included from auth_funcs.c:36:0:
pam_sshauth.h:30:0: note: this is the location of the previous definition
#define SSH_AUTH_METHOD_PUBLICKEY 4
^
You're using method as a set of bits, but you're defining SSH_AUTH_METHOD_PUBLICKEY as 1<<1 | 1<<0 (ie: 2 + 1 = 3).
This means that it'll try public key authentication if both INTERACTIVE and PASSWORD methods are supported (and, conversely, it'll try PASSWORD and INTERACTIVE if only PUBLICKEY is supported).
Hm. I think this patch is incorrect:
gcc -DHAVE_CONFIG_H -I. -I.. -D_FORTIFY_SOURCE=2 -fpic -Wall -g -O2 -fstack- protector- strong -Wformat -Werror= format- security -c -o pam_sshauth_ so-auth_ funcs.o `test -f 'auth_funcs.c' || echo './'`auth_funcs.c METHOD_ PUBLICKEY" redefined METHOD_ PUBLICKEY 3 METHOD_ PUBLICKEY 4
auth_funcs.c:40:0: warning: "SSH_AUTH_
#define SSH_AUTH_
^
In file included from auth_funcs.c:36:0:
pam_sshauth.h:30:0: note: this is the location of the previous definition
#define SSH_AUTH_
^
You're using method as a set of bits, but you're defining SSH_AUTH_ METHOD_ PUBLICKEY as 1<<1 | 1<<0 (ie: 2 + 1 = 3).
This means that it'll try public key authentication if both INTERACTIVE and PASSWORD methods are supported (and, conversely, it'll try PASSWORD and INTERACTIVE if only PUBLICKEY is supported).