[PATCH] Specify PAM Service name in sshd_config
Jan Pechanec
jan.pechanec at oracle.com
Thu May 16 05:03:16 EST 2013
On Wed, 15 May 2013, Schmidt, Kenneth P wrote:
<...>
>> PAMServicePrefix
>>
>> Specifies the PAM service name prefix for service names
>> used for individual user authentication methods. The
>> default is sshd. The PAMServiceName and PAMServicePrefix
>> options are mutually exclusive and if both set, sshd
>> does not start.
>>
>> For example, if this option is set to admincli, the ser-
>> vice name for the keyboard-interactive authentication
>> method is admincli-kbdint instead of the default sshd-
>> kbdint.
>>
>> J.
>>
<...>
>Why not just use the PAMServiceName and use a Flag to indicate that the
>authentication method should be appended to the PAM service? So something
>like
>
>PAMServiceName admincli
>PAMAppendAuthMethod yes
>
>would be admincli-kbdint. That way both the pam service and the auth
>method could be specified without worrying about the options being
>mutually exclusive and preventing a possible invalid configuration to be
>specified.
I personally think it's more complicated since you'd always need
both options' values to figure out what will be the PAM service name,
either explicitly stated in the config file or their implicit default
value(s). J.
--
Jan Pechanec <jan.pechanec at oracle.com>
More information about the openssh-unix-dev
mailing list