[EXTERNAL] Re: ssh wish list?
Thomas Köller
thomas at koeller.dyndns.org
Thu Oct 19 07:54:06 AEDT 2023
Am 18.10.23 um 22:31 schrieb Chris Rapier:
> So what if this was done as a PAM module? That would :
>
> a) reduce the code that the openssh dev team needs to maintain as it
> doesn't really touch ssh at all
> b) reduces code complexity, path breaking, etc.
> c) is self contained and optional for those that really want it.
The decision whether to accept or reject a login attempt is made by sshd
internally without consulting PAM at all, certainly if user
authentication is not by password but by public key or some other
mechanism. For details, see my patch, which also contains some
documentation.
More information about the openssh-unix-dev
mailing list