Date: Wed, 20 May 2015 02:20:50 +0000 (UTC) From: Dan Mahoney <dmahoney@isc.org> To: questions@freebsd.org Subject: How difficult would it be to PAM-ify chsh? Message-ID: <alpine.BSF.2.11.1505200213560.9379@bikeshed.isc.org>
next in thread | raw e-mail | index | archive | help
Hey there, It looks like chsh is pretty heavily tied in with YP/NIS, but nothing else (no pam, no libnss support). Here in our work environment at DayJob, Inc, we use Kerberos, which means most of our users have a "*" in their master.passwd entries. Annoyingly, this means that they can't change their base info. So, has anyone come across, perhaps: 1) a third-party installable dropin that could live in /usr/local/bin to do this sort of thing, that knows how to speak pam. 2) Or does someone know how difficult it would be to add the requisite hooks to this code to do the checking. The tool is already setUID, after all, it has to be to manipulate the password file. I could totally turn this into a PR, but I figured I'd ask here first. -Dan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.11.1505200213560.9379>