bugzilla-daemon at mindrot.org
2013-May-13 20:28 UTC
[Bug 2102] New: [PATCH] Specify PAM Service name in sshd_config
https://bugzilla.mindrot.org/show_bug.cgi?id=2102 Bug ID: 2102 Summary: [PATCH] Specify PAM Service name in sshd_config Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: PAM support Assignee: unassigned-bugs at mindrot.org Reporter: kenneth.schmidt at pnnl.gov Created attachment 2267 --> https://bugzilla.mindrot.org/attachment.cgi?id=2267&action=edit patch to allow configuring the pam service The attached patch allows openssh to specify which pam service name to authenticate users against by specifying the PAMServiceName attribute in the sshd_config file. Because the parameter can be included in the Match directive sections, it allows different authentication based on the Match directive. In our case, we use it to allow different levels of authentication based on the source of the authentication attempts (securID auth in untrusted zones, password auth in trusted zones). The default is still to use the binary name. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Jun-09 19:55 UTC
[Bug 2102] [PATCH] Specify PAM Service name in sshd_config
https://bugzilla.mindrot.org/show_bug.cgi?id=2102 Petr Lautrbach <plautrba at redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |plautrba at redhat.com --- Comment #1 from Petr Lautrbach <plautrba at redhat.com> --- Created attachment 2439 --> https://bugzilla.mindrot.org/attachment.cgi?id=2439&action=edit patch to allow configuring the pam service -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Jun-09 19:57 UTC
[Bug 2102] [PATCH] Specify PAM Service name in sshd_config
https://bugzilla.mindrot.org/show_bug.cgi?id=2102 --- Comment #2 from Petr Lautrbach <plautrba at redhat.com> --- The PAMServiceName option is also useful for systems with multiple sshd instances with different levels of access control, see https://bugzilla.redhat.com/show_bug.cgi?id=1060237 The attached patch is Ken Schmidt's patch rebased for the latest sources. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2015-Sep-17 16:41 UTC
[Bug 2102] [PATCH] Specify PAM Service name in sshd_config
https://bugzilla.mindrot.org/show_bug.cgi?id=2102 Jakub Jelen <jjelen at redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2439|0 |1 is obsolete| | CC| |jjelen at redhat.com --- Comment #3 from Jakub Jelen <jjelen at redhat.com> --- Created attachment 2711 --> https://bugzilla.mindrot.org/attachment.cgi?id=2711&action=edit rebased patch for curent HEAD After another discussion about difficult setup with more authentication methods and some of them using PAM in Fedora bug [1], I decided to give a try this patch once more, if it would be acceptable for upstream as portable change. There are no changes in the patch, but it is updated to apply clean on current HEAD. Also making obsolete Petr's patch, since it is just a file with comment. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1263133 -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2015-Dec-18 03:31 UTC
[Bug 2102] [PATCH] Specify PAM Service name in sshd_config
https://bugzilla.mindrot.org/show_bug.cgi?id=2102 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |DUPLICATE CC| |djm at mindrot.org Status|NEW |RESOLVED --- Comment #4 from Damien Miller <djm at mindrot.org> --- *** This bug has been marked as a duplicate of bug 2246 *** -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Apr-23 05:02 UTC
[Bug 2102] [PATCH] Specify PAM Service name in sshd_config
https://bugzilla.mindrot.org/show_bug.cgi?id=2102 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #5 from Damien Miller <djm at mindrot.org> --- closing resolved bugs as of 8.6p1 release -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2024-Jun-14 04:22 UTC
[Bug 2102] [PATCH] Specify PAM Service name in sshd_config
https://bugzilla.mindrot.org/show_bug.cgi?id=2102 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |3674 Resolution|DUPLICATE |FIXED --- Comment #6 from Damien Miller <djm at mindrot.org> --- Implemented in b2c64bc170d758 Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=3674 [Bug 3674] Tracking bug for OpenSSH 9.8 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
Reasonably Related Threads
- [Bug 983] Required authentication
- [Bug 2166] New: sshd logs unnecessary messages if some of default host keys doesn't exist
- [Bug 2011] sandbox selection needs some kind of fallback mechanism
- [Bug 2263] New: sshd privsep monitor process doesn't handle SIGXFSZ signal
- [Bug 2332] New: Show more secure fingerprints than MD5 (e.g. SHA256) in ssh and ssh-keygen