Thread: 4.x, PAM, password facility (3 messages in org.freebsd.freebsd-security)
From, Sent On:
Charles Sprickman, Jun 18, 2004 8:37 pm
Peter Pentchev, Jun 21, 2004 6:54 am
Dag-Erling Smørgrav, Jun 21, 2004 3:22 pm
Subject: 4.x, PAM, password facility
From: Charles Sprickman (spo@inch.com)
Date: Jun 18, 2004 8:37:44 pm
List: org.freebsd.freebsd-security

Hi,

I've been playing around with pam_mysql, and have it working for interactive logins (backed by /etc/passwd entries for uid/gid w/*'d password field) and it works well so far.

Looking at the source to the module, it does support password changing. So I put in the following entry in pam.conf:

sshd password required pam_mysql.so user=root db=pam table=users crypt=1

However, it doesn't seem to hit the module at all for password changes. I also noticed the default line is like so:

sshd password required pam_permit.so

I would have expected a "pam_unix.so" there instead. Is the password facility implemented in 4.x?

And since I know there's someone lurking here that knows this, is there any way to have OpenSSH deny a login when a user has key-based auth set up on their account? I never found a good way to take care of that; changing the shell, etc. is a bit awkward.

Thanks,

Charles