[Bug 117] OpenSSH second-guesses PAM
Frank Cusack
fcusack at fcusack.com
Sat Apr 27 07:05:12 EST 2002
On Wed, Apr 17, 2002 at 11:39:47PM +1000, bugzilla-daemon at mindrot.org wrote:
> http://bugzilla.mindrot.org/show_bug.cgi?id=117
>
> ------- Additional Comments From djm at mindrot.org 2002-04-17 23:39 -------
> > You are eliminating the possibility that sshd might want to authenticate
> > someone without a local account (requesting a non-login service?).
>
> PAM shouldn't be abused to to be a getpw* replacement. Quoth
> http://www.opengroup.org/tech/rfc/mirror-rfc/rfc86.0.txt:
>
> ] (c) We do not address the source of information obtained from the
> ] "`getXbyY()'" family of calls (e.g., `getpwnam()').
I don't understand how this supports the argument for 'NOUSER'. Passing
on the real username is not [ab]using PAM for getpw* functionality.
/fc
More information about the openssh-unix-dev
mailing list