Date: Sat, 14 Sep 2013 01:24:27 GMT From: Yuri Victorovich <yuri@tsoft.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/182074: [PATCH port www/shellinabox] Added an option to login as ssh (as opposed to as login(1)) Message-ID: <201309140124.r8E1ORkD072360@oldred.freebsd.org> Resent-Message-ID: <201309140130.r8E1U06F037736@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 182074 >Category: ports >Synopsis: [PATCH port www/shellinabox] Added an option to login as ssh (as opposed to as login(1)) >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Sep 14 01:30:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Yuri Victorovich >Release: 9.1 >Organization: n/a >Environment: >Description: I need shellinabox login prompt to go through pam google authenticator for security purposes. Currently shellinabox by default uses login(1). login(1) can be configured for google authenticator through the pam config. But this isn't practical, because login(1) is used for the local login, and it isn't desirable to use google authenticator with the local logins. shellinabox has an option to disable login(1), which practically makes it to login through ssh. There is some notion of pam login as "shellinabox" service in the code, but it appears this part of code isn't complete and isn't activated by default. So making it login as ssh is a good intermediate option for the time being. This way ssh login can be configured as google authenticator and it works fine through shellinabox too. There is the shellinabox PR https://code.google.com/p/shellinabox/issues/detail?id=187 asking for improvement in this area. >How-To-Repeat: >Fix: Patch attached with submission follows: Index: Makefile =================================================================== --- Makefile (revision 326997) +++ Makefile (working copy) @@ -17,8 +17,9 @@ LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/COPYING -OPTIONS_DEFINE= CORES MANPAGES +OPTIONS_DEFINE= CORES NOLOGIN MANPAGES CORES_DESC= Patch shellinaboxd to enable core dumps +NOLOGIN_DESC= Login through ssh (not through login) HAS_CONFIGURE= yes CONFIGURE_ARGS= \ @@ -41,6 +42,11 @@ .include <bsd.port.pre.mk> +.if ${PORT_OPTIONS:MNOLOGIN} +CONFIGURE_ARGS+=--disable-login +.endif + + .if ${ARCH} == "powerpc" BROKEN= Does not load on powerpc .endif >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201309140124.r8E1ORkD072360>