https://bugzilla.mindrot.org/show_bug.cgi?id=2246
--- Comment #4 from [email protected] --- I have completed the implementation of the new "PAMServiceName" option that you suggested. I also fixed the PAM state problem that Damier brought up in July and fixed the pam_acct_mgmt() problem I discovered myself. Attached is the new PAMServiceName implementation patch. Could you please review it and let me know if there are any problems ? We really want to keep our OpenSSH deliverables as close to the upstream as possible; if possible, could you please let us know at your earliest convenience as we are trying to complete our current release which we strive to be in-sync with the future OpenSSH release. For your reference, this new PAMServiceName option is documented in the sshd_config man page as below: ----------------------------------------------------------------------- PAMServiceName Specifies the PAM service name for the PAM session. The valid arguments are "service_name" or "service_name-%m". 1) PAMServiceName service_name Specifies the PAM service for all user authentications, where "service_name" is the PAM service name. For example, if "PAMServiceName mysshd" is specified, then "mysshd" is the PAM service name for all user authentications. 2) PAMServiceName service_name-%m This option only applies to SSH protocol 2. With "-%m", each user authentication type has its own PAM service name. For example, if "PAMServiceName sshd-%m" is specified, then the pam service name is expanded to sshd-pubkey for public key authentication, to sshd-kbdint for keyboard- interactive authentication, and so on. SSHv2 Userauth Expanded PAMServiceName -------------- ----------------------- none sshd-none password sshd-password keyboard-interactive sshd-kbdint publickey sshd-pubkey hostbased sshd-hostbased gssapi-with-mic sshd-gssapi If "PAMServiceName mysshd-%m" is specified, then the PAM service name is expanded to mysshd-pubkey for public key authentication, to mysshd-kbdint for keyboard-interactive authentication, and so on. SSHv2 Userauth Expanded PAMServiceName -------------- ----------------------- none mysshd-none password mysshd-password keyboard-interactive mysshd-kbdint publickey mysshd-pubkey hostbased mysshd-hostbased gssapi-with-mic mysshd-gssapi 3) If "PAMServiceName service_name" or "PAMServiceName service_name-%m" is not specified, then "sshd" is the PAM service name for all user authentications. Note that this matches well with the current OpenSSH default behavior. ----------------------------------------------------------------------- Thanks, Huie-Ying Lee -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
