AW: AW: AW: Pam configuration files

Debian-User office at thinktank.at
Thu Apr 15 09:29:14 UTC 2004


Gary,

I'm afraid that this doesn't work in every case (at least not on our
servers). I was testing exactly the configuration you described and
noticed two things:

1) the original sshd-file is called "sshd" (in /usr/sbin), while the
original PAM-file (in /etc/pam.d) is called "ssh" (without a "d"),
indicating that ssh IS NOT deriving the pam service name from argv[0]
(now I remember again why I didn't try that in the first place ...)

2) as a consequence my "derived" copy of sshd (/usr/sbin/gatewaysshd in
this case) still uses /etc/pam.d/ssh anyway (therefore simply ignoring
the name change and the contents in /etc/pam.d/gatewaysshd) - I checked
this by making changes to /etc/pam.d/ssh which took effect upon
restarting /usr/sbin/gatewaysshd (quite not what I wanted ...)

btw, my ssh version is: SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3

Do you have ANY idea what to try next???

TIA
Sascha


> -----Original Message-----
> From: pam-list-bounces at redhat.com 
> [mailto:pam-list-bounces at redhat.com] On Behalf Of Gary Algier
> Sent: Friday, 09 April 2004 14:04
> To: Pluggable Authentication Modules
> Subject: Re: AW: AW: Pam configuration files
> 
> 
> Debian-User wrote:
> > Gary,
> > 
> > thanks a lot for this information! This seems to be exactly what I was
> > looking for. I think that I'll have to do some testing over the weekend
> > now ...
> > 
> > (btw, right now I think that it can also be done with only one
> > IP-address [by specifying different ports in the sshd_config-files - and
> > configuring the firewall to only allow internal or external traffic to
> > the according port]; but it won't hurt if I really should need to use
> > two IP-addresses anyway)
> > 
> > Thanks again!
> > Sascha
> > P.S. BTW: Did I overlook that in any manual/documentation ??? (" ...
> > don't read documentation voluntarily" ;-)
> > 
> I found the reference to argv[0] while reading through some documentation the
> last time I was building ssh.  I was grepping for "pam" through the ssh
> source to look something up and ran into it.  I don't remember where it is
> "officially" documented.  I don't see it when I run "man sshd".
> > 
> > 
> 
> 
> -- 
> Gary Algier, WB2FWZ          gaa at ulticom.com             +1 856 787 2758
> Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054      Fax:+1 856 866 2033
> 
> Nielsen's First Law of Computer Manuals:
>      People don't read documentation voluntarily.
> 
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
> 




