Date: Fri, 18 Jun 2004 16:26:19 -0400 (EDT) From: Charles Sprickman <spork@inch.com> To: freebsd-security@freebsd.org Subject: 4.x, PAM, password facility Message-ID: <20040618161910.C70190@shell.inch.com>
next in thread | raw e-mail | index | archive | help
Hi, I've been playing around with pam_mysql, and have it working for interactive logins (backed by /etc/passwd entries for uid/gid w/*'d password field) and it works well so far. Looking at the source to the module, it does support password changing. So I put in the following entry in pam.conf: sshd password required pam_mysql.so user=root db=pam table=users crypt=1 However, it doesn't seem to hit the module at all for password changes. I also noticed the default line is like so: sshd password required pam_permit.so I would have expected a "pam_unix.so" there instead. Is the password facility implemented in 4.x? And since I know there's someone lurking here that knows this, is there any way to have OpenSSH deny a login when a user has key-based auth setup on their account? I never found a good way to take care of that; changing the shell, etc. is a bit awkward. Thanks, Charles -- Charles Sprickman spork@inch.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040618161910.C70190>