Implement PAM_SM_PASSWORD

[Jnchi]

This function is used to (re-)set the authentication token of the user. --pam_sm_chauthtok

int
pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
/* This is a dummy function */
return PAM_SUCCESS;
}

Source: pam_unix

Bugs: https://github.com/CyberNinjas/libnss-pool/issues/4 Bugs: https://github.com/CyberNinjas/pam_aad/issues/22

See also: https://github.com/donapieppo/libnss-ato

[Jnchi]

See also:

• openssh/auth-pam.c

• pam_radius_auth.c

• pwd/getpwent.c

[Jnchi]

https://www.linuxquestions.org/questions/programming-9/openssh-and-pam-900406/

[Jnchi]

https://www.cyberciti.biz/tips/linux-or-unix-disable-null-passwords.html

[Jnchi]

https://github.com/google/google-authenticator-libpam

[Jnchi]

/etc/pam.d/sshd

+auth [success=1 default=ignore] pam_aad.so client_id= resource_id= tenant= required_group_id=

+auth required pam_permit.so

-@include common-auth
-#@include common-auth

ssh jnchi@10.0.3.65
Enter the following code at https://aka.ms/devicelogin : FB8TD984U
Please hit enter after you have logged in.
packet_write_wait: Connection to 10.0.3.65 port 22: Broken pipe

sudo /usr/sbin/sshd -ddd -f /etc/ssh/sshd_config
[ . . . TRUNCATED . . . ]
PAM: pam_setcred(): Permission denied

[Jnchi]

/*
 * Attempt password authentication via PAM
 */
int
sshpam_auth_passwd(Authctxt *authctxt, const char *password)
{

Source: openssh/auth-pam.c

[Jnchi]

https://github.com/CyberNinjas/pam_aad/blob/b2ee3cbf15273633f20737c361ed25661cc854f1/src/pam_aad.c#L225

[Jnchi]

https://www.cyberciti.biz/faq/rhel-debian-force-users-to-change-passwords

[Jnchi]

https://github.com/donapieppo/libnss-ato/blob/master/libnss_ato.c

[Jnchi]

https://serverfault.com/questions/783082/how-to-use-the-ssh-server-with-pam-but-disallow-password-auth