ssh daemon fails to call pam when user does not exist in /etc/passwd

Darren Tucker dtucker at zip.com.au
Mon Jul 5 16:48:31 EST 2004


Damien Mascord wrote:
> I am attempting to use a new NSS method for logins (libnss-mysql), and 
> have come across this behaviour as well.
[...]
> It seems as though the account is thought of as expired:
> 
> debug3: mm_answer_pwnamallow
> debug3: auth_shadow_acctexpired: today 12604 sp_expire 0 days left -12604

That check only happens if PAM is disabled (just checked the 3.8.1p1 
code, it's auth.c line 91 or so).  Do you have "UsePAM yes" in your 
sshd_config?

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.




More information about the openssh-unix-dev mailing list