4.x, PAM, password facility

From: Charles Sprickman (spork_at_inch.com)
Date: 06/18/04

  • Next message: Peter Pentchev: "Re: 4.x, PAM, password facility"
    Date: Fri, 18 Jun 2004 16:26:19 -0400 (EDT)
    To: freebsd-security@freebsd.org


    I've been playing around with pam_mysql, and have it working for
    interactive logins (backed by /etc/passwd entries for uid/gid w/*'d
    password field) and it works well so far.

    Looking at the source to the module, it does support password changing.
    So I put in the following entry in pam.conf:

    sshd password required pam_mysql.so user=root db=pam table=users crypt=1

    However, it doesn't seem to hit the module at all for password changes. I
    also noticed the default line is like so:

    sshd password required pam_permit.so

    I would have expected a "pam_unix.so" there instead. Is the password
    facility implemented in 4.x?

    And since I know there's someone lurking here that knows this, is there
    any way to have OpenSSH deny a login when a user has key-based auth setup
    on their account? I never found a good way to take care of that; changing
    the shell, etc. is a bit awkward.



    Charles Sprickman
    freebsd-security@freebsd.org mailing list
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

  • Next message: Peter Pentchev: "Re: 4.x, PAM, password facility"