Il 17/02/2010 14:45, Nick Owen ha scritto: > I may be missing something, but it seems to me that you can set > /etc/pam.d/login to use pam_usb and then set /etc/pam.d/sshd to use > radius or whatever method you'd like for remote access, correct? Yes, I think you are right. I could differentiate the kind of authentication to be used on the basis of the requested service, that is: pam_usb for the local login (/bin/sh) and pam_obc for the ssh remote access (/usr/bin/ssh). It should work... This would restrict the remote access to the ssh protocol but this should not be a real problem because many other services can be "tunneled" throught ssh anyway (and ssh is much more secure than other, older protocols like telnet). Thanks fo having suggested it. I'll try it. PS: the possibility to have a per-user configuration of PAM, using pam_per_user or pam_succed_if, is still fascinating and I think I will investigate it some more in any case. I just saw that FreeBSD supports pam_per_user in a official way. It is strange that the same module is not supported by Ubuntu or any other major Linux distro. -- Alessandro Bottoni Website: http://www.alessandrobottoni.it/ "An expert is a man who has made all the mistakes which can be made in a very narrow field." -- Niels Bohr _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list