Re: Per-User Authentication with Linux PAM?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Il 17/02/2010 14:45, Nick Owen ha scritto:
> I may be missing something, but it seems to me that you can set
> /etc/pam.d/login to use pam_usb and then set /etc/pam.d/sshd to use
> radius or whatever method you'd like for remote access, correct?

Yes, I think you are right.

I could differentiate the kind of authentication to be used on the basis
of the requested service, that is: pam_usb for the local login (/bin/sh)
and pam_obc for the ssh remote access (/usr/bin/ssh). It should work...

This would restrict the remote access to the ssh protocol but this
should not be a real problem because many other services can be
"tunneled" throught ssh anyway (and ssh is much more secure than other,
older protocols like telnet).

Thanks fo having suggested it. I'll try it.

PS: the possibility to have a per-user configuration of PAM, using
pam_per_user or pam_succed_if, is still fascinating and I think I will
investigate it some more in any case. I just saw that FreeBSD supports
pam_per_user in a official way. It is strange that the same module is
not supported by Ubuntu or any other major Linux distro.

Alessandro Bottoni

"An expert is a man who has made all the mistakes which can be made in a
very narrow field."
     -- Niels Bohr

Pam-list mailing list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux