AW: AW: AW: Pam configuration files
Debian-User
office at thinktank.at
Thu Apr 15 09:29:14 UTC 2004
Gary,

I'm afraid that this doesn't work in every case (at least not at our
servers). I was testing exactly that configuration you described and
noticed two things:

1) the original sshd-file is called "sshd" (in /usr/sbin), while the
original PAM-file (in /etc/pam.d) is called "ssh" (without a "d"),
indicating that ssh IS NOT deriving the pam service name from argv[0]
(now I remember again why I didn't try that in the first place ...)

2) as a consequence my "derived" copy of sshd (/usr/sbin/gatewaysshd in
this case) still uses /etc/pam.d/ssh anyway (therefore simply ignoring
the name change and the contents in /etc/pam.d/gatewaysshd) - I checked
this by making changes to /etc/pam.d/ssh which took effect upon
restarting /usr/sbin/gatewaysshd (quite not what I wanted ...)

btw, my ssh-Version is: SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3

Do you have ANY idea what to try next???

TIA
Sascha

> -----Original Message-----
> From: pam-list-bounces at redhat.com
> [mailto:pam-list-bounces at redhat.com] On Behalf Of Gary Algier
> Sent: Friday, 09 April 2004 14:04
> To: Pluggable Authentication Modules
> Subject: Re: AW: AW: Pam configuration files
>
>
> Debian-User wrote:
> > Gary,
> >
> > thanks a lot for this information! This seems to be exactly what I was
> > looking for. I think that I'll have to do some testing over the weekend
> > now ...
> >
> > (btw, right now I think that it can also be done with only one
> > IP-address [by specifying different ports in the sshd_config-files - and
> > configuring the firewall to only allow internal or external traffic to
> > the according port]; but it won't hurt if I really should need to use
> > two IP-addresses anyway)
> >
> > Thanks again!
> > Sascha
> > P.S. BTW: Did I overlook that in any manual/documentation ??? (" ...
> > don't read documentation voluntarily" ;-)
> >
> I found the reference to argv[0] while reading through some documentation the
> last time I was building ssh. I was grepping for "pam" through the ssh
> source to look something up and ran into it. I don't remember where it is
> "officially" documented. I don't see it when I run "man sshd".
> >
> >
>
>
> --
> Gary Algier, WB2FWZ gaa at ulticom.com
> +1 856 787 2758
> Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054
> Fax:+1 856 866 2033
>
> Nielsen's First Law of Computer Manuals:
> People don't read documentation voluntarily.
>
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
>
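A way to confirm which PAM service a daemon actually opened without editing files in /etc/pam.d, as an added example that is not part of the original thread: current Linux-PAM prefixes module log messages with `module(service:type)`, so the service name can be read from the auth log and compared with the file you expected to be used. The log lines, host name, PIDs and users below are constructed, and the woody-era PAM discussed in the thread may log in a different format.

```python
import re
from collections import defaultdict

# Matches "<ident>[<pid>]: pam_xxx(<service>:<type>)" as written by pam_syslog().
PAM_TAG = re.compile(
    r"\s(?P<ident>[\w./-]+)\[(?P<pid>\d+)\]:\s+"
    r"(?P<module>pam_\w+)\((?P<service>[^:()]+):(?P<type>\w+)\)"
)

# Constructed sample: a renamed sshd copy (gatewaysshd) beside the stock sshd.
SAMPLE_LOG = """\
Apr 15 09:12:01 gw sshd[1402]: pam_unix(ssh:session): session opened for user alice by (uid=0)
Apr 15 09:14:37 gw gatewaysshd[2211]: pam_unix(ssh:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10 user=bob
Apr 15 09:14:52 gw gatewaysshd[2211]: pam_unix(ssh:session): session opened for user bob by (uid=0)
Apr 15 09:20:00 gw cron[2300]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 09:21:10 gw sshd[1402]: Accepted password for alice from 192.0.2.11 port 40022 ssh2
"""


def services_by_daemon(log_text):
    """Map each syslog ident to the set of PAM service names it logged under."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = PAM_TAG.search(line)
        if m:
            seen[m.group("ident")].add(m.group("service"))
    return dict(seen)


def mismatches(log_text, expected):
    """List (daemon, expected_service, actual_services) where the expected
    service name never shows up for a daemon that did log PAM activity."""
    seen = services_by_daemon(log_text)
    out = []
    for daemon, want in sorted(expected.items()):
        got = seen.get(daemon, set())
        if got and want not in got:
            out.append((daemon, want, sorted(got)))
    return out


if __name__ == "__main__":
    # Expectation under test: the copy reads /etc/pam.d/gatewaysshd.
    expected = {"gatewaysshd": "gatewaysshd", "sshd": "ssh"}
    for daemon, want, got in mismatches(SAMPLE_LOG, expected):
        print(f"{daemon}: expected /etc/pam.d/{want}, PAM was started as {got}")
```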