Using 'ForceCommand' Option
Dag-Erling Smørgrav
des at des.no
Sun Mar 6 00:08:43 AEDT 2016
Nico Kadel-Garcia <nkadel at gmail.com> writes:
> Dag-Erling Smørgrav <des at des.no> writes:
> > It is relatively trivial to write a PAM module to do that.
> Which will have the relevant configuration overwritten and disabled
> the next time you run "authconfig" on Red Hat based sysems. I'm not
> sure if this occurs with other systems, but tuning PAM is like tuning
> SELinux: it's a lot of extra work with little return-on-investment,
> and in this case for a change that will irritate *every single user*
> and break a number of API's. I can't recommend this approach.
It won't break any APIs, and have you considered that OP might not have
a choice? That this may be a legal requirement?
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the openssh-unix-dev
mailing list