Changing PAM service name in sshd_config, or running sshd as non-root
Jim Knoble
jmknoble at pobox.com
Sat Apr 5 06:43:13 EST 2003
Circa 2003-04-04 18:13:39 +0400 dixit Michael Tokarev:
: Jim Knoble wrote:
: >OpenSSH's sshd uses the basename of argv[0] as the service name, as you
: >would know if you were to read the INSTALL file that accompanies
: >OpenSSH-3.5p1.
:
: In my /etc/pam.d/, there is no file named `sshd', but there is a file
: `ssh' (without trailing `d'). Yet sshd works.
Are you sure the file is not misnamed, and that sshd isn't falling
through to another service, such as /etc/pam.d/other?
: Well, that's may be due to the fact that I use openssh that comes with
: debian woody, i.e. openssh-3.4p1.
Then perhaps you should complain to the maintainer of the Debian
package. Or perhaps you should unpack the source of the Debian package
and analyze it yourself. If you're using anything except the source
from ftp.openssh.com that you compiled yourself, then you should first
contact the maintainer of your pre-compiled OpenSSH rather than
complaining here. We have no way of knowing what subtle changes the
Debian maintainer---or anyone else---has wrought in their prebuilt
packages.
: Either way, it would be much more reliable if sshd will use e.g.
: PamServiceName from sshd_config.
No. It would be much more reliable if system integrators didn't change
the behavior of the software they package in subtle and mutually
incompatible ways. See http://cr.yp.to/compatibility.html .
--
jim knoble | jmknoble at pobox.com | http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
Stop the War on Freedom ... Start the War on Poverty!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 256 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030404/30af465e/attachment.bin
More information about the openssh-unix-dev
mailing list