Around 2000 or so, FreeBSD had a pam module
Apparently later, FreeBSD moved to OpenPAM - which does not have it. OpenPAM has the
Linux also had and removed
So... what am I supposed to use in place of
Backgroud: I want to implement ssh authentication with a 2 factor provider - but only for remnote users. Local users should be able to use ssh normally.
with pam_stack this seems doable:
How can I do that with today's openpam?
pam_stack.so
. This executed another PAM stack and returned its result as its own.Apparently later, FreeBSD moved to OpenPAM - which does not have it. OpenPAM has the
include ...
statement - but that is not the same, it only covers a small subset of functionality possible with pam_stack.so. The main difference is that include has no control flag but works somewhat like require pam_stack.so ...
, while other control flags are not possible. Another difference is that modules in an include statement break or finalize to the end of the main chain, while those in substacks only break or finalize to the end of the substack.Linux also had and removed
pam_stack.so
- but they replaced it with include
and substack
. So... what am I supposed to use in place of
pam_stack.so
?Backgroud: I want to implement ssh authentication with a 2 factor provider - but only for remnote users. Local users should be able to use ssh normally.
with pam_stack this seems doable:
Code:
/etc/pam.d/remotessh
auth requisite login_access.so ..... # this fails when the user is local
auth required pam_my2fa.so ...
/etc/pam.d/sshd
auth sufficient pam_stack.so service=remotessh
auth required pam_unix.so
How can I do that with today's openpam?