ssh daemon fails to call pam when user does not exist in /etc/passwd
Damien Mascord
tusker at tusker.org
Mon Jul 5 17:05:58 EST 2004
Darren Tucker wrote:
> Damien Mascord wrote:
>
>> I am attempting to use a new NSS method for logins (libnss-mysql), and
>> have come across this behaviour as well.
>
> [...]
>
>> It seems as though the account is thought of as expired:
>>
>> debug3: mm_answer_pwnamallow
>> debug3: auth_shadow_acctexpired: today 12604 sp_expire 0 days left -12604
>
>
> That check only happens if PAM is disabled (just checked the 3.8.1p1
> code, it's auth.c line 91 or so). Do you have "UsePAM yes" in your
> sshd_config?
>
It was in my unpatched sshd_config, but wasn't present in the (patched)
/usr/local/etc version. Thanks for the heads up.
With or without the patch, I am able to login correctly. It seems as
though a restart of ssh was needed to enable the new NSS methods for
some reason. Not sure what the cause of the issue was, if I notice it
on a new installation, I will try and narrow this down, thanks for your
help.
Since this is the case, I am assuming that PAM is required if alternate
NSS methods are in use ? Is there any way around this?
Thanks again for your quick response,
Damien
--
Damien Mascord (tusker at tusker dot org)
GPG key 2CB181BE / 93B2 EF21 0C7C F022 F467 7966 219E 92B3 2CB1 81BE
More information about the openssh-unix-dev
mailing list