Date: Mon, 25 Sep 2017 17:30:11 -0700 (PDT) From: "Dan Mahoney (Gushi)" <danm@prime.gushi.org> To: questions@freebsd.org Subject: Why does chsh not support PAM? Message-ID: <alpine.BSF.2.20.1709251727100.58574@prime.gushi.org>
next in thread | raw e-mail | index | archive | help
Hey all, At the day job, our systems are Kerberized. People log in with a kerberized ssh client (which checks Kerberos internally, rather than via a PAM module), or use GSSAPI-enabled ssh. People get root via ksu. Everyone has a "*" as their password entry in /etc/master.passwd All this stuff is in -BASE. Here's my question: Why have we not PAM-ified chsh yet? Such that a user can change their shell or GECOS information using only their kerberos password. How hard would this be to implement, rather than adding a hardcoded check against the password file in programs like chsh? -Dan -- --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---------------------------
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.20.1709251727100.58574>