Date: Mon, 25 Sep 2017 17:30:11 -0700 (PDT)
From: "Dan Mahoney (Gushi)"
To: questions@freebsd.org
Subject: Why does chsh not support PAM?

Hey all,

At the day job, our systems are Kerberized. People log in with a kerberized ssh client (which checks Kerberos internally, rather than via a PAM module), or use GSSAPI-enabled ssh. People get root via ksu. Everyone has a "*" as their password entry in /etc/master.passwd

All this stuff is in -BASE.

Here's my question: Why have we not PAM-ified chsh yet? Such that a user can change their shell or GECOS information using only their kerberos password.

How hard would this be to implement, rather than adding a hardcoded check against the password file in programs like chsh?

-Dan

--
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------