Date: Sun, 17 Apr 2022 13:04:37 +0200
From: FreeBSD User <freebsd@walstatt-de.de>
To: FreeBSD CURRENT <freebsd-current@freebsd.org>
Subject: PAM: SSH: reject login when homdir does not exist?
Message-ID: <20220417130437.740721de@hermann>

Hello fellows,

happy Easter!

I ran into a security issue this morning here and tried to look for a solution. We use OpenLDAP for all "regular users" login on hosts and web services. Authentication is required from some cloud/moodle services via LDAP, but some users not having any home directory on any machine within the domain will still be allowed to log in, even if the home dir is not present. They get logged in onto the root of the filesystem when logging in via SSH.

Is there a way to prohibit login if homedir isn't present? Can you point me to the right place (PAM or something, pam_env isn't available on FreeBSD)?

If this is a trivial issue and caused by lack of my personal knowledge, please excuse.

Kind regards,
O. Hartmann