From 067f5343c86ed6dd135cdf57eb99aa3f982fceed Mon Sep 17 00:00:00 2001 From: Karel Zak Date: Tue, 17 Mar 2009 21:00:42 +0100 Subject: [PATCH] login: use "remote" as a PAM service name for "login -h" Signed-off-by: Karel Zak --- login-utils/login.1 | 10 ++++++++++ login-utils/login.c | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/login-utils/login.1 b/login-utils/login.1 index 9ddf25b3..12273815 100644 --- a/login-utils/login.1 +++ b/login-utils/login.1 @@ -105,6 +105,14 @@ to pass the name of the remote host to so that it may be placed in utmp and wtmp. Only the superuser may use this option. +Note that the \fB-h\fP option has impact on the \fBPAM service name\fP. The standard +service name is "login", with the \fB-h\fP option the name is "remote". It's +necessary to create a proper PAM config files (e.g. +.I /etc/pam.d/login +and +.I /etc/pam.d/remote +). + .SH "SPECIAL ACCESS RESTRICTIONS" The file .I /etc/securetty @@ -297,6 +305,8 @@ are allowed to log in from anywhere as is standard behavior. .I /etc/passwd .I /etc/nologin .I /etc/usertty +.I /etc/pam.d/login +.I /etc/pam.d/remote .I .hushlogin .fi .SH "SEE ALSO" diff --git a/login-utils/login.c b/login-utils/login.c index d3621135..c924a1f5 100644 --- a/login-utils/login.c +++ b/login-utils/login.c @@ -552,7 +552,7 @@ main(int argc, char **argv) * Therefore, we are safe not setting it to anything */ - retcode = pam_start("login",username, &conv, &pamh); + retcode = pam_start(hflag?"remote":"login",username, &conv, &pamh); if(retcode != PAM_SUCCESS) { fprintf(stderr, _("%s: PAM failure, aborting: %s\n"), "login", pam_strerror(pamh, retcode)); -- 2.39.5