From: sunmanagers@merctech.com
Date: Tue Sep 17 2002 - 18:59:20 EDT
I've checked the documentation, but haven't found a definitive answer...
Does the Sun-supplied ssh in Solaris 9 integrate correctly with PAM? If a
password expires, can the user still login via ssh in order to change their
password?
Are any additions needed to /etc/pam.conf? In Solaris 8, the following was
necessary to make a PAM-enabled version of ssh play nice:
###################################
# SSH
# Authentication management
# Additional lines added to specify how a PAM-enabled version of ssh will
# do authentication. This lets password-access via SSH respect any settings,
# such as expiration, found in /etc/shadow. It will not affect passwordless
# (RSA) access, but these lines are required.
#
sshd auth required /usr/lib/security/$ISA/pam_unix.so.1 debug
sshd account required /usr/lib/security/$ISA/pam_unix.so.1 debug
sshd password required /usr/lib/security/$ISA/pam_unix.so.1 debug
sshd session required /usr/lib/security/$ISA/pam_unix.so.1 debug
##################################################
Mark
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:24:57 EDT