[PATCH] Specify PAM Service name in sshd_config

Jan Pechanec jan.pechanec at oracle.com
Thu May 16 05:03:16 EST 2013


On Wed, 15 May 2013, Schmidt, Kenneth P wrote:

<...>
>>     PAMServicePrefix
>>
>>         Specifies the PAM service name prefix for service  names
>>         used  for  individual  user  authentication methods. The
>>         default is sshd. The PAMServiceName and PAMServicePrefix
>>         options  are  mutually  exclusive  and if both set, sshd
>>         does not start.
>>
>>         For example, if this option is set to admincli, the ser-
>>         vice  name  for  the keyboard-interactive authentication
>>         method is admincli-kbdint instead of the  default  sshd-
>>         kbdint.
>>
>>	J.
>>

<...>

>Why not just use the PAMServiceName and use a Flag to indicate that the
>authentication method should be appended to the PAM service?  So something
>like 
>
>PAMServiceName	admincli
>PAMAppendAuthMethod	yes
>
>would be admincli-kbdint.  That way both the pam service and the auth
>method could be specified without worrying about the options being
>mutually exclusive and preventing a possible invalid configuration to be
>specified.

	I personally think it's more complicated since you'd always need 
both options' values to figure out what will be the PAM service name, 
either explicitly stated in the config file or their implicit default 
value(s). J.

-- 
Jan Pechanec <jan.pechanec at oracle.com>


More information about the openssh-unix-dev mailing list