martin f krafft wrote:
also sprach Adrian von Bidder <[EMAIL PROTECTED]> [2007.01.11.1855 +0100]:
Anybody has an idea if and how this is possible? The obvious but
ugly solution would be to run a second sshd on a different port,
but I'd rather avoid that.
It'll be possible if and only if SSH differentiates between
authentication and authorisation/session. If it does, you can limit
authentication with PAM via pam_file to one user, knowing that
publickey auth will be handled by sshd. All users, however, need to
be authenticated against the PAM session component.
I missed the context here (the reply seems to have been cc'ed to
secureshell but the original request wasn't).
OpenSSH 4.4 added a "Match" directive to sshd_config that allows per-X
overriding of some configuration directives. Authentications aren't
supported yet but I have a patch that adds it which hopefully will be in
the next release. This would allow you to do something like the
following for the user "sftpuser":
PasswordAuthentication no
Match User sftpuser
PasswordAuthentication yes
If you're interested I can supply a copy of the patch that adds auth
support (against 4.5p1).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
