Does OpenSSH support setting PAM_AUSER
Godugu, Rajeshwar (NSN - IN/Bangalore)
rajeshwar.godugu at nsn.com
Mon Sep 15 22:01:56 EST 2008
Hi All,
I have OpenSSH "OpenSSH_5.1p1, OpenSSL 0.9.7d 17 Mar 2004" installed on
machines which have Solaris 10 as the OS.
I have a requirement to implement RBAC (Role Based Access Control) on my
system.
As part of RBAC, I have to provide a remote role2role login feature (for
more details:
http://bugs.opensolaris.org/view_bug.do;jsessionid=bac85b2b6bd564e843af4907bd1?bug_id=6213280
http://opensolaris.org/jive/thread.jspa?threadID=64615&tstart=45 )
By default, roles don't support remote login to roles; the reason behind
this is that the PAM (Pluggable Authentication Module) module pam_roles will not
allow remote users to assume roles.
For more details:
http://docs.sun.com/app/docs/doc/819-2252/pam-roles-5?a=view
The pam_roles man page says that this feature is possible by setting
PAM_AUSER, but only the sshd-hostbased service can set PAM_AUSER.
According to the pam_roles(5) man page, after making the following change
to /etc/pam.conf, remote role assumption should work:
"sshd-hostbased account requisite pam_roles.so.1 allow_remote"
1) My doubt is: the pam_roles man page does not clearly mention it, so will
it work with OpenSSH or SSH?
2) So can you please tell me, will this sshd-hostbased service set
PAM_AUSER or not?
If the mail is not clear, please do reply without any hesitation.
Thanks in advance,
Regards,
Rajas
More information about the openssh-unix-dev mailing list