You're right. OpenSSH and SSH.com's Unix servers do not support this. You would have to do this in PAM.
There's a lot information on various PAM modules and links here: http://www.kernel.org/pub/linux/libs/pam/modules.html -AnneYou're right. OpenSSH and SSH.com's Unix servers do not support this. You would have to do this in PAM. There's a lot information on various PAM modules and links here: http://www.kernel.org/pub/linux/libs/pam/modules.html -Anne Adam ENDRODI grabbed a keyboard and typed... > How can I tell sshd to only accept a particular authentication > method for some users, while letting others to use any methods > they wish? > > One of our servers has two kinds of users: a group of > low-privileged ones and a few power users. The former class > may choose to log in by providing his password, but I want the > latter to use his private key, which I consider a more secure > alternative. On the other hand, they need to retain their unix > password, so I cannot just fill that with garbage. > > I've looked at the recent openssh sources but it didn't seem > to support this kind of distinction. One possibility I can > think of is PAM, but I don't know which module to use. > > Any suggestion would be greatly appreciated. > > bit, > adam > > -- > 1024D/37B8D989 954B 998A E5F5 BA2A 3622 82DD 54C2 843D 37B8 D989 > finger://[EMAIL PROTECTED] | Some days, my soul's confined > http://www.keyserver.net | And out of mind > Sleep forever > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- .-"".__."``". Anne Henmi, System Administrator .-.--. _...' (/) (/) ``' gator at cacr dot caltech dot edu (O/ O) \-' ` -="""=. ', Center for Advanced Computing Research ~`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
signature.asc
Description: Digital signature