AW: AW: Pam configuration files

Debian-User office at thinktank.at
Fri Apr 9 08:12:28 UTC 2004


Gary,

thanks a lot for this information! This seems to be exactly what I was
looking for. I think that I'll have to do some testing over the weekend
now ... 

(btw, right now I think that it can also be done with only one
IP-address [by specifying different ports in the sshd_config-files - and
configuring the firewall to only allow internal or external traffic to
the according port]; but it wont't hurt if I really should need to use
two IP-addresses anyway)

Thanks again!
Sascha
P.S. BTW: Did I overlook that in any manual/documentation ??? (" ...
don't read documentation voluntarily" ;-)


> -----Ursprüngliche Nachricht-----
> Von: pam-list-bounces at redhat.com 
> [mailto:pam-list-bounces at redhat.com] Im Auftrag von Gary Algier
> Gesendet: Donnerstag, 08. April 2004 22:43
> An: Pluggable Authentication Modules
> Betreff: Re: AW: Pam configuration files
> 
> 
> Debian-User wrote:
> > Hi guys,
> > 
> > concerning the "Pam configuration files" issue, I would 
> like to ask if
> > there is a way to tell ssh (via different config-files) to 
> use different
> > authentication methods (ie to use a special pam_service-name)
> 
> Sascha:
> 
> The pam service used by sshd is derived from argv[0] as passed to the
> sshd startup command.
> 
> You should be able to do this:
> 
>      cd /usr/sbin
>      ln sshd gatewaysshd
>      cd /etc/sshd
>      cp sshd_config gatewaysshd_config
> Then edit the first to only listen to an address only accessible from
> the inside and edit the second to listen to an address accessible from
> the outside (you need two IP addresses, by the way).  The second
> should be more restrictive.
> 
>      Then make a copy of the rc script and doctor it to
>      invoke the new sshd as:
>          /usr/sbin/gatewaysshd -f /etc/ssh/gatewaysshd_config
> [...]
> 
> -- 
> Gary Algier, WB2FWZ          gaa at ulticom.com             
> +1 856 787 2758
> Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054      
> Fax:+1 856 866 2033
> 
> Nielsen's First Law of Computer Manuals:
>      People don't read documentation voluntarily.
> 
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
> 





More information about the Pam-list mailing list