[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: ssh with pam support..



Matt,

Matt wrote:
> My current problem with pam is allowing people to migrate from Unix
> passwords (anykind) to kerberos passwords.  How would I construct the
> config file to accept a password from one auth method and write it with
> another, deleting the old password at the same time.  This needs to be
> done with two seperate modules as I am migrating from shadowed passwords
> to kerberos passwords.  Any ideas or suggestions?  Or am I making a custom
> version of the passwd program?

I'd guess that a custom module is in order and something like the
following scheme:

/etc/pam.d/ssh

	....
	auth  sufficient	pam_kerberos.so
	auth  required		pam_pwdb.so
	auth  required		pam_migrate_me.so
	....

The last module needs to read the PAM_AUTHTOK and do all the necessary
things to migrate the password as part of the authentication process.

Cheers

Andrew
-- 
new job - new sig file under construction...



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []