[PATCH] make pam service a settable option

Jeff Layton jtlayton at poochiereds.net
Wed Jun 23 22:54:43 EST 2004


Apologies if this goes through twice, but it looked like it didn't go
the first time I sent it...

This patch adds a config file option 'PAMService' that sets the PAM
service sshd will use. It should leave the current behavior unchanged if
PAMService is not set in the config file (i.e. use __progname for the
service or SSHD_PAM_SERVICE if it's set at compile time). The patch is
against the current portability release in CVS.

Why would you want something like this?
I have a machine at work that I use as an SSH bastion. It runs a
"normal" ssh daemon that allows root logins, etc that I use for
management, and a second ssh daemon on a different port (that the
firewall forwards to) that uses a one time password auth scheme, and
doesn't allow root logins. It would be very nice to be able to have them
use different PAM module stacks without having to have a separate
binary.

One final note -- C programming is not my forte, so please look at this
critically and let me know if anything should be changed. If you accept
this for inclusion, I'll make the manpage updates as well.

Thanks!
-- 
Jeff Layton <jtlayton at poochiereds.net>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh_pam_service.patch
Type: text/x-patch
Size: 4350 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040623/52983010/attachment.bin 


More information about the openssh-unix-dev mailing list