[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Help! PAM & S/Key



On Mon, 1 Jun 1998, Nalin Dahyabhai wrote:

> That said, it should be possible to rebuild in.telnetd to exec another
> version of login (say, /bin/remotelogin) which itself was built to use a
> different PAM service name, and would therefore use a different
> configuration file.
> 
> I don't know if this opens up any security holes, but it should get the
> job done.  If I'm flat-out wrong here, I hope someone will correct me.

> Anyone know of an easier way?
Yes. Using the newer features of the pam config file format, it's possible
to use pam_listfile.so to check whether the user is on a local or remote
tty, and handle authentication differently depending on the outcome. I
can't give an example, since I've never needed the functionality and
therefore never familiarized myself with it, but it is there. :)

                          -Steve Langasek
-doink-



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []