bugzilla-daemon at mindrot.org
2013-May-13 20:28 UTC
[Bug 2102] New: [PATCH] Specify PAM Service name in sshd_config
https://bugzilla.mindrot.org/show_bug.cgi?id=2102
Bug ID: 2102
Summary: [PATCH] Specify PAM Service name in sshd_config
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.2p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: PAM support
Assignee: unassigned-bugs at mindrot.org
Reporter: kenneth.schmidt at pnnl.gov
Created attachment 2267
--> https://bugzilla.mindrot.org/attachment.cgi?id=2267&action=edit
patch to allow configuring the pam service
The attached patch allows openssh to specify which pam service name to
authenticate users against by specifying the PAMServiceName attribute
in
the sshd_config file. Because the parameter can be included in the
Match
directive sections, it allows different authentication based on the
Match
directive. In our case, we use it to allow different levels of
authentication based on the source of the authentication attempts
(securID auth in untrusted zones, password auth in trusted zones). The
default is still to use the binary name.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Jun-09 19:55 UTC
[Bug 2102] [PATCH] Specify PAM Service name in sshd_config
https://bugzilla.mindrot.org/show_bug.cgi?id=2102
Petr Lautrbach <plautrba at redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |plautrba at redhat.com
--- Comment #1 from Petr Lautrbach <plautrba at redhat.com> ---
Created attachment 2439
--> https://bugzilla.mindrot.org/attachment.cgi?id=2439&action=edit
patch to allow configuring the pam service
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Jun-09 19:57 UTC
[Bug 2102] [PATCH] Specify PAM Service name in sshd_config
https://bugzilla.mindrot.org/show_bug.cgi?id=2102 --- Comment #2 from Petr Lautrbach <plautrba at redhat.com> --- The PAMServiceName option is also useful for systems with multiple sshd instances with different levels of access control, see https://bugzilla.redhat.com/show_bug.cgi?id=1060237 The attached patch is Ken Schmidt's patch rebased for the latest sources. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2015-Sep-17 16:41 UTC
[Bug 2102] [PATCH] Specify PAM Service name in sshd_config
https://bugzilla.mindrot.org/show_bug.cgi?id=2102
Jakub Jelen <jjelen at redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2439|0 |1
is obsolete| |
CC| |jjelen at redhat.com
--- Comment #3 from Jakub Jelen <jjelen at redhat.com> ---
Created attachment 2711
--> https://bugzilla.mindrot.org/attachment.cgi?id=2711&action=edit
rebased patch for curent HEAD
After another discussion about difficult setup with more authentication
methods and some of them using PAM in Fedora bug [1], I decided to give
a try this patch once more, if it would be acceptable for upstream as
portable change.
There are no changes in the patch, but it is updated to apply clean on
current HEAD. Also making obsolete Petr's patch, since it is just a
file with comment.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1263133
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2015-Dec-18 03:31 UTC
[Bug 2102] [PATCH] Specify PAM Service name in sshd_config
https://bugzilla.mindrot.org/show_bug.cgi?id=2102
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |DUPLICATE
CC| |djm at mindrot.org
Status|NEW |RESOLVED
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
*** This bug has been marked as a duplicate of bug 2246 ***
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Apr-23 05:02 UTC
[Bug 2102] [PATCH] Specify PAM Service name in sshd_config
https://bugzilla.mindrot.org/show_bug.cgi?id=2102
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #5 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2024-Jun-14 04:22 UTC
[Bug 2102] [PATCH] Specify PAM Service name in sshd_config
https://bugzilla.mindrot.org/show_bug.cgi?id=2102
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |3674
Resolution|DUPLICATE |FIXED
--- Comment #6 from Damien Miller <djm at mindrot.org> ---
Implemented in b2c64bc170d758
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=3674
[Bug 3674] Tracking bug for OpenSSH 9.8
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
Possibly Parallel Threads
- [Bug 983] Required authentication
- [Bug 2166] New: sshd logs unnecessary messages if some of default host keys doesn't exist
- [Bug 2011] sandbox selection needs some kind of fallback mechanism
- [Bug 2263] New: sshd privsep monitor process doesn't handle SIGXFSZ signal
- [Bug 2332] New: Show more secure fingerprints than MD5 (e.g. SHA256) in ssh and ssh-keygen