[PATCH] Specify PAM Service name in sshd_config

Damien Miller djm at mindrot.org
Fri May 17 09:42:54 EST 2013


On Wed, 15 May 2013, Iain Morgan wrote:

> Hmm, what if PAMServiceName supported some % macros? Some candidates
> would be %c for the executable, %m for the authentication method, and %p
> for the server port.
> 
> This would allow something like:
> 
> 	PAMServiceName	%c-%m
> 
> or
> 
> 	PAMServiceName	admincli-%m

I think this approach is reasonable. Whomever implements it, please
include host address too :)

I'm not sure what changes will be necessary to support this - remember
that we now offer multiple auth, so a user might run pubkey+kbdint or
GSSAPI+password. Which auth, account and session stack should we run in
these cases?

-d



More information about the openssh-unix-dev mailing list