Hi guys, concerning the "Pam configuration files" issue, I would like to ask if there is a way to tell ssh (via different config-files) to use different authentication methods (ie to use a special pam_service-name) My idea is as follows: having one box with two instances of ssh running. One instance is only accessible from outside the firewall (with strong authentication), the other instance is only accessible from inside the firewall (and hence has significantly different - ie "loser" - authentication requirements). Would that be possible without having to recompile the ssh-binary? I want to avoid that for several reasons! (It should be possible to use two different config-files and hence two different ports - and only one port is allowed for external access on the firewall - with only one binary; but is it also possible to specify the pam_service-name to use in the ssh-config-file?) TIA for any help you can offer. Sascha > -----Ursprüngliche Nachricht----- > Von: pam-list-admin@xxxxxxxxxx > [mailto:pam-list-admin@xxxxxxxxxx] Im Auftrag von Joe Lewis > Gesendet: Mittwoch, 25. Februar 2004 20:24 > An: pam-list@xxxxxxxxxx > Betreff: Re: Pam configuration files > > > Yes, the application calls it with the service name, and that is the > name of the configuration file. If it uses the old method > where there > is one pam.conf file, each line is prefixed with that service > name for > specifying configurations. > > Joe > > Boris Breslav wrote: > > > Joe, Heiko, thanks a lot for your quick reply. > > But even if the application itself is responsible for the > service name, can > > I be sure that the following is always true?: > > PAM_SERVICE = name of the file in the /etc/pam.d directory > > > > Boris > > > > ----- Original Message ----- > > From: "Heiko Hund" <heiko@xxxxxxxxxxxxxxxxxx> > > To: <pam-list@xxxxxxxxxx> > > Sent: Wednesday, February 25, 2004 8.48 PM > > Subject: Re: Pam configuration files > > > > > > > >>Hey Boris, > >> > >> > >>>Now it is even more interesting. I wrote a sample module > and I printed > > > > out > > > >>>the PAM_SERVICE item for FTP connection and it was "ftp" > and not "ftpd" > >>>So what is it a typo in the Administration Guide? > >> > >>not at all. Every PAM enabled application chooses its own > service name. > >>Therefore it could be anything. It is only a convention to > choose the > >>name of the app. Obviously your ftpd chose `ftp' as a > service name. That > >>also is why the file in /etc/pam.d is named `ftp' and not > `ftpd'. If you > >>dislike that, you may recompile the ftpd with a service > name you like. > >> > >>Greetings > >>Heiko > >>-- > >>------------------------------------------------------------------- > >> of course they say every atom of our body was once part of a star > >> maybe I'm not leaving, maybe I'm going home > >>------------------------------------------------------ [gattaca] -- > >> > >> > >>_______________________________________________ > >> > >>Pam-list@xxxxxxxxxx > >>https://www.redhat.com/mailman/listinfo/pam-list > > > > > > > > _______________________________________________ > > > > Pam-list@xxxxxxxxxx > > https://www.redhat.com/mailman/listinfo/pam-list > > > _______________________________________________ > > Pam-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/pam-list > _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list