[Bug 938] "AllowGroups" option and secondary user's groups limit

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Oct 9 12:42:30 EST 2004


------- Additional Comments From dtucker at zip.com.au  2004-10-09 12:42 -------
Created an attachment (id=728)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=728&action=view)
Add some instrumentation to ga_match()

The user is being denied in the early stages (getpwnamallow) which is before
PAM is even initialized.  I can't figure out why sshd would behave differently
with and without PAM in this case.  I could imagine something in nss_ldap
causing it but in that case UsePAM should make no difference.

Attached is a patch that adds some debugging output to the group match
function.  Please apply it and run sshd in debug mode twice, once where it
works and once where it doesn't, then compare the "ga_match" sections of the
debug output and attach them to the bug (substitute the real group names for
fake ones if you need to, as long as you do it consistently :-).

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-bugs mailing list