Does OpenSSH support setting PAM_AUSER

Godugu, Rajeshwar (NSN - IN/Bangalore) rajeshwar.godugu at
Mon Sep 15 22:01:56 EST 2008

Hi All, 

I have Openssh "OpenSSH_5.1p1, OpenSSL 0.9.7d 17 Mar 2004" installed on
machines which has the solaris10 as OS. 

I have a requirement to implement RBAC (Role Based Access Control) on my

As part of RBAC, I have to provide remote role2role login feature (For
more details:;jsessionid=bac85b2b6bd564e843af4
907bd1?bug_id=6213280 )

By default roles doesn't support remote login to roles, reason behind
this is PAM (pluggable authentication .module) module pam_roles will not
allow remote user's to assume roles. 
For more details:

pam_roles man page says that this feature is possible by setting
PAM_AUSER, but only sshd-hostbased service can set this PAM_AUSER.
According to 
pam_roles(5) man page, after making following changes to /etc/pam.conf,
remote role assumption should work.

"sshd-hostbased account requisite allow_remote"

1) My doubt is, In pam_roles man page it is not clearly mentioned, will
it work with Open-ssh or SSH?

2) So can you please tell me, is this sshd-hostbased service will set
PAM_AUSER or not?

If the mail is not clear, please do reply without any hesitation.

Thanks in advance,

More information about the openssh-unix-dev mailing list