Gary, I'm afraid that this doesn't work in every case (at least not at our servers). I was testing exactly that configuration you described and noticed two things: 1) the original sshd-file is called "sshd" (in /usr/sbin), while the original PAM-file (in /etc/pam.d) is called "ssh" (without a "d"), indicating that ssh IS NOT deriving the pam service name from argv[0] (now I remember again why I didn't try that in the first place ...) 2) as a consequence my "derived" copy of sshd (/usr/sbin/gatewaysshd in this case) still uses /etc/pam.d/ssh anyway (therefore simply ignoring the name change and the contents in /etc/pam.d/gatewaysshd) - I checked this by making changes to /etc/pam.d/ssh which took effect upon restarting /usr/sbin/gatewaysshd (quite not what I wanted ...) btw, my ssh-Version is: SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3 Do you have ANY idea what to try next??? TIA Sascha > -----Ursprüngliche Nachricht----- > Von: pam-list-bounces@xxxxxxxxxx > [mailto:pam-list-bounces@xxxxxxxxxx] Im Auftrag von Gary Algier > Gesendet: Freitag, 09. April 2004 14:04 > An: Pluggable Authentication Modules > Betreff: Re: AW: AW: Pam configuration files > > > Debian-User wrote: > > Gary, > > > > thanks a lot for this information! This seems to be exactly > what I was > > looking for. I think that I'll have to do some testing over > the weekend > > now ... > > > > (btw, right now I think that it can also be done with only one > > IP-address [by specifying different ports in the > sshd_config-files - and > > configuring the firewall to only allow internal or external > traffic to > > the according port]; but it wont't hurt if I really should > need to use > > two IP-addresses anyway) > > > > Thanks again! > > Sascha > > P.S. BTW: Did I overlook that in any manual/documentation ??? (" ... > > don't read documentation voluntarily" ;-) > > > I found the reference to argv[0] while reading through some > documentaion the > last time I was building ssh. I was grepping for "pam" > through the ssh > source to look something up and ran into it. I don't > remember where it is > "officially" documented. I don't see it when I run "man sshd". > > > > > > > -- > Gary Algier, WB2FWZ gaa at ulticom.com > +1 856 787 2758 > Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054 > Fax:+1 856 866 2033 > > Nielsen's First Law of Computer Manuals: > People don't read documentation voluntarily. > > > _______________________________________________ > > Pam-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/pam-list > _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
