Does OpenSSH support setting PAM_AUSER
Godugu, Rajeshwar (NSN - IN/Bangalore)
rajeshwar.godugu at nsn.com
Mon Sep 15 22:01:56 EST 2008
I have Openssh "OpenSSH_5.1p1, OpenSSL 0.9.7d 17 Mar 2004" installed on
machines which has the solaris10 as OS.
I have a requirement to implement RBAC (Role Based Access Control) on my
As part of RBAC, I have to provide remote role2role login feature (For
By default roles doesn't support remote login to roles, reason behind
this is PAM (pluggable authentication .module) module pam_roles will not
allow remote user's to assume roles.
For more details:
pam_roles man page says that this feature is possible by setting
PAM_AUSER, but only sshd-hostbased service can set this PAM_AUSER.
pam_roles(5) man page, after making following changes to /etc/pam.conf,
remote role assumption should work.
"sshd-hostbased account requisite pam_roles.so.1 allow_remote"
1) My doubt is, In pam_roles man page it is not clearly mentioned, will
it work with Open-ssh or SSH?
2) So can you please tell me, is this sshd-hostbased service will set
PAM_AUSER or not?
If the mail is not clear, please do reply without any hesitation.
Thanks in advance,
More information about the openssh-unix-dev