I have "UsePAM yes" set in /etc/ssh/sshd_config and the following stack in /etc/pam.conf
# Entries for OpenSSH (sshd)
sshd auth requisite /usr/lib/security/64/pam_permission \
sshd auth required /usr/lib/security/pam_aix
sshd account required /usr/lib/security/pam_aix
sshd password required /usr/lib/security/pam_aix
sshd session required /usr/lib/security/pam_aix
The file "/etc/security/pam_permission.scponly" contains a single line with a username. That user is still able to log in, even with the "found=prohibit" line above. Is the current version still compiled with PAM support???
Another RTFM moment…
chsec -f /etc/security/login.cfg -s usw -a auth_type=PAM_AUTH
Yep - another OpenSSH/PAM question
How is pam_start() being called? Is "sshd" hard-coded in as the service name? I'm guessing it is as I'm trying to run sshd on an alternate port so that I can have PAM handle things separately depending on which port users are coming in on.
I've created a symlink, and even just copied the sshd binary. Either way, it looks like the pam_start() call is using "sshd" as the service name. Is there any way this can be modified to send the binary/executable name as the service instead of hard-coded "sshd"?