Present motd information on login similar to OpenSSH
https://www.ietf.org/rfc/rfc4252.txt Section 5.4
Teleport is going to (optionally) use PAM to create user sessions. This will enable the full pipeline of PAM-driven session customization, which will give us access to all PAM plugins, including motd
@Kellel OpenSSH is most distros is actually configured to integrate with pam and it's pam who's displaying motd-like prompt.
Frankly we feel this will only add unneeded complexity because Teleport performs authentication on a cluster-level, i.e. individual nodes can be as dumb as they come (for example people use Teleport to SSH into docker containers randomly flying around).
The utility of pam is somewhat questionable in a clustered environment, where user identity is stored elsewhere and user authentication happens _before the SSH connection is even made_ (at SSH bastion/proxy), see teleport login command which doesn't require a host name: in Teleport world hosts are "dumb cattle". So it's a head scratcher. Do you mind me ask: why are you asking?
But if someone is willing to look into _lightweight_ integration with pam, we're open to accept a decent PR. :-)
I'll mark it as "help wanted".
One use case we have for using pam is assigning an "auid" that is process inherited via pam_loginuid.so and we capture this in auditd logs. Allows users to sudo to root while maintaining a trail.
Implemented in https://github.com/gravitational/teleport/issues/1766.
Most helpful comment
One use case we have for using pam is assigning an "auid" that is process inherited via pam_loginuid.so and we capture this in auditd logs. Allows users to sudo to root while maintaining a trail.