I want my server to only use PAM accounts and session management. Is there a way to force PAM account and session management, when using authentication methods other than keyboard-interactive PAM?
asked Jan 17 '11 at 09:55
SSH KB ♦
PAM (Pluggable Authentication Modules) can be used not only for authentication, but also for account and session management. For example, a pam module can be used to set extended user attributes or to set resource limits for user sessions.
PAM session and account management can be enabled for all authentication methods using the configuration option
This option can be used in the
<params> <!-- Possible other elements in the params block --> <pluggable-authentication-modules pam-calls-with-commands="yes" /> </params>
The pam-calls-with-commands option affects sessions where users execute shells, remote commands, and subsystems (such as sftp).
answered Jan 17 '11 at 09:58
SSH KB ♦