[cfarm-users] Changing shell with chsh without being prompted for password
Baptiste Jonglez
baptiste at bitsofnetworks.org
Tue Jul 17 12:44:09 CEST 2018
Hi,
Currently, it is not possible to update one's own shell on the farm machines:
chsh prompts for the user password, but authentication is solely performed
through SSH keys, so there is no way to use a password to authenticate.
As an experiment, we have just added PAM configuration to gcc13 and gcc14
so that chsh does not ask for a password. It amounts to adding this line
to /etc/pam.d/chsh:
auth sufficient pam_permit.so
The complete /etc/pam.d/chsh (based on Debian stretch) is now:
https://paste.swordarmor.fr/8gN4
gcc13 and gcc14 are thus available for testing changing your login shell.
If you know about any security issues that could arise from this setting,
please speak up! If everything looks fine, we will deploy this setting to
all farm machines.
Thanks,
Baptiste
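
Added example, not part of the original message or the farm's configuration: a small audit of where an `auth sufficient pam_permit.so` line sits in a PAM auth stack, since a successful `sufficient` rule ends the stack and skips every rule after it. The two sample stacks are constructed, modelled on a Debian-style chsh file, and are not the contents of the linked paste.

```python
# Constructed samples (not the farm's real file): a Debian-style chsh auth
# stack with the permit line added after, or before, the existing checks.
PERMIT_LAST = """\
auth    required    pam_shells.so
auth    sufficient  pam_rootok.so
auth    sufficient  pam_permit.so
@include common-auth
"""
PERMIT_FIRST = """\
auth    sufficient  pam_permit.so
auth    required    pam_shells.so
auth    sufficient  pam_rootok.so
@include common-auth
"""


def auth_stack(text):
    """Return [(control, module)] for auth rules and @includes, in file order.
    Only keyword controls are handled, not the bracketed [value=action] form."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0].lstrip("-") == "auth":
            rules.append((fields[1], fields[2]))
        elif len(fields) == 2 and fields[0] == "@include":
            rules.append(("include", fields[1]))
    return rules


def audit(text):
    """Describe the effect of an 'auth sufficient pam_permit.so' rule.
    pam_permit always succeeds, and a successful 'sufficient' rule ends the
    stack at once, so every rule after it is never evaluated."""
    rules = auth_stack(text)
    for i, rule in enumerate(rules):
        if rule == ("sufficient", "pam_permit.so"):
            before = rules[:i]
            return {
                "passwordless": True,
                "evaluated_first": [m for _, m in before],
                "never_evaluated": [m for _, m in rules[i + 1:]],
                # pam_shells rejects users whose current shell is not in /etc/shells
                "shell_check_kept": any(
                    m == "pam_shells.so" and c in ("required", "requisite")
                    for c, m in before),
            }
    return {"passwordless": False, "evaluated_first": [m for _, m in rules],
            "never_evaluated": [], "shell_check_kept": None}
```

With the permit line placed first, `pam_shells.so` is never evaluated, so accounts with a restricted login shell could change it; placed after `pam_shells.so`, only the password prompt is skipped.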