[PATCH] Specify PAM Service name in sshd_config

Jan Pechanec jan.pechanec at oracle.com
Wed May 15 10:01:48 EST 2013 

On Mon, 13 May 2013, Iain Morgan wrote:

>Please ignore what I said regarding extending submethod support in
>AuthenticationMethods. We would still need a mechanism to specify the
>alternative PAM service used by keyboard-interactive in cases where
>AuthenticationMethods is not used.

	Iain, aside from PAMServiceName, we have implemented 
PAMServicePrefix in Solaris so that admins can use different PAM service 
names for different auth methods:

     PAMServicePrefix

         Specifies the PAM service name prefix for service  names
         used  for  individual  user  authentication methods. The
         default is sshd. The PAMServiceName and PAMServicePrefix
         options  are  mutually  exclusive  and if both set, sshd
         does not start.

         For example, if this option is set to admincli, the ser-
         vice  name  for  the keyboard-interactive authentication
         method is admincli-kbdint instead of the  default  sshd-
         kbdint.

	J.

>However, I hsould note the following item which has been on the TODO
>list for many years.
>
>% grep 'PAM service' TODO
> - Use different PAM service name for kbdint vs regular auth (suggest from
>
>

-- 
Jan Pechanec <jan.pechanec at oracle.com>

More information about the openssh-unix-dev mailing list