> actually i meant/hoped for a pam approach to just key + password
> enforcement.  in lieu of that, what i have seen so far is to use
> ForceCommand and a script to ask some question, it's not pam but
> perhaps just as good.

unfortunately sshd bypasses pam when doing cert auth.

what (rhel6) utility is available that behaves quite like login, but
may be called by an sshd ForceCommand script (i.e. not root)?