Hi,What is the current plan for support for PAM on Coreos. I found this [https://github.com/coreos/coreos-overlay/issues/499] which said that is support is being dropped. Is it is some kind of roadmap for Coreos?
--
You received this message because you are subscribed to the Google Groups "CoreOS User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to coreos-user...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
It was dropped way way back when we transitioned from read-only root to read-only /usr and since pam has such a complicated configuration scheme in /etc I dropped support due to the effort required to come up with a system that would be safe with our update model. At some point Kay from systemd posted a proof-of-concept patch for pam to make it work similar to systemd's model of default system configs in /usr and admin provided configs in /etc. I don't know if that has gone anywhere since then, haven't had time to look at the situation in quite some time.
It is something we need to revisit but I'm not sure when. On the up side avoiding pam did side step at least one remote ssh vulnerability!
We don't really have a recommendation until we add PAM and related modules. It is planned but hasn't been started yet. What sort of system do you need to integrate with?
If PAM is not shipped with CoreOS, what's the suggested approach to authenticate ssh users through third party auth systems?
You received this message because you are subscribed to a topic in the Google Groups "CoreOS User" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/coreos-user/vwh6VcMeOs8/unsubscribe.
To unsubscribe from this group and all its topics, send an email to coreos-user...@googlegroups.com.
I looks like it. I have not tested it yet:
https://github.com/ragnar-johannsson/coreos-pam-sshd
-- Bernd
Bumping up the original question. I read references to PAM on CoreOS but couldn't find any documents. Is is enabled on CoreOS now?.