3.7.1P2, PermitRootLogin and PAM with hidden NISplus passwor ds

Peter Stuge stuge-openssh-unix-dev at cdy.org
Wed Nov 19 03:46:58 EST 2003

On Tue, Nov 18, 2003 at 05:16:06PM +0100, Markus Friedl wrote:
> IMHO it's PAM's job to control access if PAM is used.

:) That's the idea, anyway.

Not that I'm the expert, PAM already confuses me a bit, but I think the
larger problem is that sshd wants to have some control over the
authentication process in order to do a couple of things (pubkey,
hostbased, Kerberos and GSSAPI that I can think of) on it's own.

Maybe they {sh,c}ould be moved to PAM in some distant future, but even then
everyone wont be using PAM. It remains the job of sshd.

My point is that I agree with you on the responsibilities of PAM, but I
think people will need to complement it with things like pubkey auth, or
certificates, or even HTTP basic auth for a long time still. I know I do.


More information about the openssh-unix-dev mailing list