Why does chsh not support PAM?
Dan Mahoney (Gushi)
danm at prime.gushi.org
Tue Sep 26 00:30:28 UTC 2017
Hey all,
At the day job, our systems are Kerberized. People log in with a
kerberized ssh client (which checks Kerberos internally, rather than via a
PAM module), or use GSSAPI-enabled ssh.
People get root via ksu.
Everyone has a "*" as their password entry in /etc/master.passwd
All this stuff is in -BASE.
Here's my question: Why have we not PAM-ified chsh yet? Such that a user
can change their shell or GECOS information using only their kerberos
password.
How hard would this be to implement, rather than adding a hardcoded check
against the password file in programs like chsh?
-Dan
--
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
More information about the freebsd-questions
mailing list