I can't imagine what simple thing I'm leaving out.
Whenever I try to ssh to an account with the shell set to /usr/sbin/authpf
I get disconnected immediately after getting the motd. I know I'm
connecting and authenticating, but I don't stay connected.
I've created the files
authpf.allow authpf.conf authpf.message authpf.problem authpf.rules
in /etc/authpf ro to all but root.
authpf.allow contains a single "*"
authpf.conf is empty
authpf.rules contains:
    pass in quick on $IN_IF from $user_ip to any keep state
    pass out quick on $IN_IF from $user_ip to any keep state
    pass in quick on $EX_IF from $user_ip to any keep state
    pass out quick on $EX_IF from $user_ip to any keep state
I've put the anchors in the main pf ruleset and they load without any
errors.
    nat-anchor "authpf/*"
    rdr-anchor "authpf/*"
    binat-anchor "authpf/*"
    anchor "authpf/*"
One other related issue. If I use the adduser script and specify authpf
as the shell, I get "authpf: is not allowed!". I've used vipw to change
the shell to /usr/sbin/authpf for the test user.
Thank you.
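
A check that can be run over the authpf.rules quoted above, as an added example that is not part of the original post: it lists macros a rules file references but never defines. It assumes, per authpf(8), that authpf itself supplies only user_ip and user_id when it loads the per-user rules; the function name and the sample text are constructed for illustration.

```python
import re

# Macros authpf defines when it loads per-user rules (assumption: authpf(8)).
AUTHPF_MACROS = {"user_ip", "user_id"}

# Constructed sample: the authpf.rules content quoted in the post above.
SAMPLE_RULES = """\
pass in quick on $IN_IF from $user_ip to any keep state
pass out quick on $IN_IF from $user_ip to any keep state
pass in quick on $EX_IF from $user_ip to any keep state
pass out quick on $EX_IF from $user_ip to any keep state
"""

DEFINE_RE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=")
USE_RE = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")


def undefined_macros(rules_text, provided=AUTHPF_MACROS):
    """Return {macro: [line numbers]} for macros used before being defined."""
    defined = set(provided)
    missing = {}
    for lineno, raw in enumerate(rules_text.splitlines(), 1):
        # Naive comment strip; a '#' inside a quoted string is not handled.
        line = raw.split("#", 1)[0]
        # pf expands macros in file order, so check uses before recording
        # a definition that appears on the same line.
        for name in USE_RE.findall(line):
            if name not in defined:
                missing.setdefault(name, []).append(lineno)
        definition = DEFINE_RE.match(line)
        if definition:
            defined.add(definition.group(1))
    return missing


if __name__ == "__main__":
    for name, lines in sorted(undefined_macros(SAMPLE_RULES).items()):
        print(f"${name} used on line(s) {lines} but not defined")
```

Macros set in the main pf.conf are not visible to a rules file loaded separately into an anchor, so anything this reports has to be defined at the top of authpf.rules itself or replaced with a literal interface name.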