On Wed, 2004-06-23 at 13:34, Matthew Vernon wrote:
> Is there a reason you couldn't symlink the PAM config file if
> necessary?

Err, perhaps I didn't describe the problem well enough. Normally when you compile openssh without SSHD_PAM_SERVICE defined, it uses the name of the program (basename of argv[0]) as the pam service. This allows you to do something like make a symlink to the binary with a different name and use that as the pam service. e.g.:

    # ln -s /usr/sbin/sshd /usr/sbin/sshd-opie

...and then have a pam stack in...

    /etc/pam.d/sshd-opie

The problem is that when SSHD_PAM_SERVICE is defined at compile time, it always uses that as the pam service regardless of what the binary is named. This means that you're limited to a single pam stack for ssh regardless of how many ssh daemons you run on the box.

IMHO, it would be best if this was settable via sshd_config, but the OpenSSH team doesn't seem receptive to the idea, as they want to keep changes between the official and portability releases to a bare minimum.

The way to fix this would be to not define SSHD_PAM_SERVICE at compile time (remove it from CFLAGS), and then rename the file in /etc/pam.d to 'sshd' instead of 'ssh'.

Thoughts?

-- 
Jeff Layton <[EMAIL PROTECTED]>
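
An added example, not part of the original message and not OpenSSH code: a small shell audit of the naming rule described above, reporting which PAM service each sshd invocation name maps to and whether a stack file of that name exists. The function names and argument layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: which PAM stack would each sshd instance use?
# Models the rule from the message: without SSHD_PAM_SERVICE the service
# is basename(argv[0]); with it, the compiled-in name always wins.

# pam_service_for PATH [COMPILED_SERVICE]
# PATH is the name the daemon is started as. A symlink is NOT resolved,
# because the invoked name is what ends up in argv[0].
pam_service_for() {
    invoked=$1
    compiled=${2:-}
    if [ -n "$compiled" ]; then
        printf '%s\n' "$compiled"
    else
        invoked=${invoked%/}            # tolerate a trailing slash
        printf '%s\n' "${invoked##*/}"  # basename without forking
    fi
}

# audit_pam_stacks PAM_DIR COMPILED_SERVICE PATH...
# Pass "" as COMPILED_SERVICE for a build without SSHD_PAM_SERVICE.
# Prints "path service status" per daemon path and returns 1 if any
# daemon would look for a stack file that does not exist in PAM_DIR.
audit_pam_stacks() {
    pam_dir=$1
    compiled=$2
    shift 2
    rc=0
    for path in "$@"; do
        svc=$(pam_service_for "$path" "$compiled")
        if [ -f "$pam_dir/$svc" ]; then
            status=ok
        else
            status=missing
            rc=1
        fi
        printf '%s %s %s\n' "$path" "$svc" "$status"
    done
    return $rc
}
```

Calling `audit_pam_stacks /etc/pam.d "" /usr/sbin/sshd /usr/sbin/sshd-opie` checks a build without the define; passing `ssh` as the second argument shows every instance collapsing onto the one compiled-in stack.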

