
I want my server to only use PAM accounts and session management. Is there a way to force PAM account and session management, when using authentication methods other than keyboard-interactive PAM?

asked Jan 17 '11 at 09:55


SSH KB ♦


PAM (Pluggable Authentication Modules) can be used not only for authentication, but also for account and session management. For example, a PAM module can be used to set extended user attributes or to set resource limits for user sessions.

PAM session and account management can be enabled for all authentication methods using the configuration option pam-calls-with-commands.

Note! pam-calls-with-commands is available from version 6.0.4 forward.

This option can be used in the pluggable-authentication-modules element, which should be the last element in the params block:

<params>
  <!-- Possible other elements in the params block -->
  <pluggable-authentication-modules pam-calls-with-commands="yes" />
</params>

The pam-calls-with-commands option affects sessions where users execute shells, remote commands, and subsystems (such as sftp).


answered Jan 17 '11 at 09:58


SSH KB ♦
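
A configuration check for the setting described in the answer above, as an added example that is not part of the original answer or any vendor tooling. It verifies that each params block carries pluggable-authentication-modules with pam-calls-with-commands="yes" and that the element is last in the block. The function name, the wrapper element and the other-element placeholder in the sample inputs are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

PAM_ELEM = "pluggable-authentication-modules"
PAM_ATTR = "pam-calls-with-commands"

def audit_params(xml_text):
    """Return a list of findings; an empty list means the config matches the answer."""
    root = ET.fromstring(xml_text)
    blocks = list(root.iter("params"))  # includes the root itself if it is <params>
    if not blocks:
        return ["no <params> block found"]
    findings = []
    for params in blocks:
        # The default parser drops XML comments, so only real elements are listed.
        children = list(params)
        pam = params.find(PAM_ELEM)
        if pam is None:
            findings.append(f"<{PAM_ELEM}> is missing from <params>")
            continue
        if pam.get(PAM_ATTR) != "yes":
            findings.append(f'{PAM_ATTR} is not set to "yes"; PAM account and '
                            "session calls are not forced for all authentication methods")
        if children[-1] is not pam:
            findings.append(f"<{PAM_ELEM}> is not the last element in <params>")
    return findings

# Constructed sample inputs. GOOD is the snippet from the answer;
# <other-element/> and <server-config> are hypothetical placeholders.
GOOD = """<params>
  <!-- Possible other elements in the params block -->
  <pluggable-authentication-modules pam-calls-with-commands="yes" />
</params>"""

BAD = """<server-config><params>
  <pluggable-authentication-modules pam-calls-with-commands="no" />
  <other-element />
</params></server-config>"""

UNSET = """<params>
  <pluggable-authentication-modules />
</params>"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD), ("UNSET", UNSET)):
        print(name, audit_params(text) or "OK")
```
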

Last updated: Mar 14 '11 at 13:22

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.