Why does chsh not support PAM?

Dan Mahoney (Gushi) danm at prime.gushi.org
Tue Sep 26 00:30:28 UTC 2017

Hey all,

At the day job, our systems are Kerberized.  People log in with a 
kerberized ssh client (which checks Kerberos internally, rather than via a 
PAM module), or use GSSAPI-enabled ssh.

People get root via ksu.

Everyone has a "*" as their password entry in /etc/master.passwd

All this stuff is in -BASE.

Here's my question: Why have we not PAM-ified chsh yet?  Such that a user 
can change their shell or GECOS information using only their kerberos 

How hard would this be to implement, rather than adding a hardcoded check 
against the password file in programs like chsh?



--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org

More information about the freebsd-questions mailing list