How difficult would it be to PAM-ify chsh?
dmahoney at isc.org
Wed May 20 02:20:57 UTC 2015
It looks like chsh is pretty heavily tied in with YP/NIS, but nothing else
(no pam, no libnss support). Here in our work environment at DayJob, Inc,
we use Kerberos, which means most of our users have a "*" in their
master.passwd entries. Annoyingly, this means that they can't change
their base info.
So, has anyone come across, perhaps:
1) a third-party installable dropin that could live in /usr/local/bin to
do this sort of thing, that knows how to speak pam.
2) Or does someone know how difficult it would be to add the requisite
hooks to this code to do the checking. The tool is already setUID, after
all, it has to be to manipulate the password file.
I could totally turn this into a PR, but I figured I'd ask here first.
More information about the freebsd-questions