Re: PAM modules
Jason Hellenthal <jhell@DataIX.net> writes:
> security/pam_jail A PAM module dropping users in jails after login
> security/pam_krb5 A Pluggable Authentication Module for Kerberos5
We already have that.
> security/pam_ldap A pam module for authenticating with LDAP
Not going to happen, since we don't have LDAP in base.
> security/pam_mkhomedir Create HOME with a PAM module on demand
> security/pam_p11 A PAM module using crypto tokens for auth authe=
nticate against Unix PAM
Requires a PKCS11 implementation in base. I never finished the one I
started on...
> security/pam_pwdfile A pam module for authenticating with flat passw=
d files
> security/pam_require A PAM module for restricting access based on un=
ix group or username
What does this do that pam_group doesn't?
> security/pam_smb NetBIOS domain logon PAM module
Apparently requires Perl to run, although this may be a bug in the port
> security/pam_ssh_agent_auth PAM module which permits authentication via s=
sh-agent
> sysutils/pam_mount A PAM that can mount volumes for a user session
That leaves us with the following candidates:
- pam_jail
- pam_mkhomedir
- pam_mount
- pam_pwdfile
- pam_ssh_agent_auth
and possibly also
- pam_require
- pam_smb
Note that pam_mkhomedir and pam_mount can be implemented using pam_exec
(possibly with some improvements) and scripts.
DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 15 之 37 篇):