Lawrence Horvath wrote:
> I am trying to set up authpf. I created all the files; however, I would
> like to be able to log in and then start authpf instead of having a
> separate user for authpf. Whenever I try to start authpf after logging
> in with ssh I get the below error:
> 
> May 14 22:03:31 freemon authpf: wrong shell for user lawrence.horvath, uid 1002
> 
> How do I get it to be the "right" shell?
> 

authpf has some security checks which make sense in the general case,
but sometimes annoy in the specific case.  One of those checks is to
make sure it is the user's default shell, which is what you are
trying to avoid.

The nice thing about Open Source software is you can change code
you don't like or change it as you wish.  Be careful, however, this
was done for a reason.  From memory, if you can run authpf from a
command line, you can feed it any info you wish, including bogus
IP addresses, so user X coming from W.X.Y.Z could fire up authpf
for a user coming from A.B.C.D, without that user having to log in
at all...and that's bad in the general case.

However, sometimes you want things a little different than original
plans.  I run a very private IRC server, just some long-time friends
that (for the most part) all know each other in "real life".  These
users have reason to both have shell and IRC access to these machines.
In my case, I trust these users (at least on these machines), it's
the rest of the world I don't trust, so I've cut out some code from
authpf.c to enable authpf to be run from the command line, and even
backgrounded, so it will hold an IP open until the machine is rebooted
or until someone kill(1)s the authpf process.  VERY dangerous in the
general case, but ok for *my* application.

The authpf code is quite readable... look for the error message, look
at the code that generates it, and remove it.  There are a couple
other tests you probably need to remove as well in the same
immediate area.

There are the bullets.  Provide your own feet. :)

Nick.
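
An added example, not part of the original message and not authpf's own code: a small C checker that reads passwd(5)-style entries and reports which accounts have authpf as their login shell, the condition behind the "wrong shell" error quoted above. The path /usr/sbin/authpf and the sample entries are assumptions, and it covers only the shell check, not authpf's other tests.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: authpf is installed at this path; adjust for your system. */
#define AUTHPF_SHELL "/usr/sbin/authpf"

enum verdict { ENTRY_MALFORMED = -1, SHELL_OK = 0, SHELL_WRONG = 1 };

/* Classify one passwd(5)-style line (name:passwd:uid:gid:gecos:home:shell);
 * copies the login name into name[]. */
enum verdict check_entry(const char *line, char *name, size_t namelen)
{
    size_t n = strcspn(line, ":");
    const char *shell = line;
    int colons;
    if (n == 0 || n >= namelen || line[n] != ':')
        return ENTRY_MALFORMED;
    memcpy(name, line, n);
    name[n] = '\0';
    /* The shell is the seventh field, so step past six colons. */
    for (colons = 0; colons < 6; colons++) {
        if ((shell = strchr(shell, ':')) == NULL)
            return ENTRY_MALFORMED;
        shell++;
    }
    n = strcspn(shell, "\n");   /* ignore a trailing newline */
    if (n == strlen(AUTHPF_SHELL) && strncmp(shell, AUTHPF_SHELL, n) == 0)
        return SHELL_OK;
    return SHELL_WRONG;
}

int main(void)
{
    /* Constructed sample entries, not taken from any real system. */
    const char *sample[] = {
        "gate:*:1003:1003:authpf only:/home/gate:/usr/sbin/authpf",
        "alice:*:1002:1002::/home/alice:/bin/ksh",
        "broken:*:1",
    };
    const char *msg[] = { "malformed entry", "login shell is authpf",
                          "wrong shell, authpf would refuse" };
    char name[64];
    size_t i;
    for (i = 0; i < sizeof(sample) / sizeof(sample[0]); i++) {
        enum verdict v = check_entry(sample[i], name, sizeof(name));
        printf("%s: %s\n", v == ENTRY_MALFORMED ? "?" : name, msg[v + 1]);
    }
    return 0;
}
```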
