Using 'ForceCommand' Option
Nico Kadel-Garcia
nkadel at gmail.com
Sat Mar 5 11:06:26 AEDT 2016
On Fri, Mar 4, 2016 at 4:02 AM, Dag-Erling Smørgrav <des at des.no> wrote:
> Lesley Kimmel <lesley.j.kimmel at gmail.com> writes:
>> So I probably shouldn't have said "arbitrary" script. What I really
>> want to do is to present a terms of service notice (/etc/issue). But I
>> also want to get the user to actually confirm (by typing 'y') that
>> they accept. If they try to exit or type anything other than 'y' they
>> will be denied access.
>
> It is relatively trivial to write a PAM module to do that.
>
> DES
> --
> Dag-Erling Smørgrav - des at des.no
Which will have the relevant configuration overwritten and disabled
the next time you run "authconfig" on Red Hat based sysems. I'm not
sure if this occurs with other systems, but tuning PAM is like tuning
SELinux: it's a lot of extra work with little return-on-investment,
and in this case for a change that will irritate *every single user*
and break a number of API's. I can't recommend this approach.
More information about the openssh-unix-dev
mailing list