ssh daemon fails to call pam when user does not exist in /etc/passwd
Damien Miller
djm at mindrot.org
Tue Jun 15 19:32:28 EST 2004
Jayarama Vijay Kumar wrote:
> Hi
> We recently upgraded to openssh-3.7.1p2. Our architecture is
> ssh daemon uses pam module which sends request to remote
> radius/tacacs+ servers based on configuration.
> Now if I create the user in /etc/passwd, then ssh daemon calls pam and
> everything works fine.
> But if the user is not present in /etc/passwd, then ssh daemon is not
> calling pam. The debug log is given below. All these were working in
> prior versions. Any idea why there is dependency on local user accounts?
> I have also given sshd's pam file
This behaviour is by-design and we don't have any intentions of changing
it. If your non-local login system doesn't support getpw* it won't work
with OpenSSH (we aren't unique in this position).

If you want to support non-local accounts then you need to use some
NSS system (e.g. NIS, LDAP or on-the-fly getpw synthesis).
-d
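
A diagnostic for the situation in this thread, added here as an example and not taken from OpenSSH or from either poster: it reports whether an account name resolves through getpw* at all, and if so whether it is listed in the local passwd file or supplied only by an NSS source. The names classify_account and in_passwd_file are hypothetical, and the code assumes a libc whose getpwnam() is backed by NSS.

```c
/* Added example, not OpenSSH code: report how an account name resolves.
 * getpwnam() asks every source NSS is configured with; the file scan
 * below looks only at one passwd-format file. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>

enum acct_source { ACCT_UNRESOLVABLE, ACCT_LOCAL_FILE, ACCT_NSS_ONLY };

/* Return 1 if `user` has an entry in the passwd-format file at `path`. */
int in_passwd_file(const char *path, const char *user)
{
    char line[1024];
    size_t ulen = strlen(user);
    int found = 0, at_line_start = 1;
    FILE *fp = ulen ? fopen(path, "r") : NULL;

    if (fp == NULL)
        return 0;               /* empty name or unreadable file */
    while (!found && fgets(line, sizeof line, fp) != NULL) {
        /* Match only a whole first field: name followed by ':'. */
        if (at_line_start && strncmp(line, user, ulen) == 0 && line[ulen] == ':')
            found = 1;
        /* A chunk without '\n' means the next read continues this line. */
        at_line_start = strchr(line, '\n') != NULL;
    }
    fclose(fp);
    return found;
}

/* Classify `user` as a daemon that relies on getpw* would see it. */
enum acct_source classify_account(const char *user, const char *passwd_path)
{
    if (getpwnam(user) == NULL)
        return ACCT_UNRESOLVABLE;   /* no getpw* entry for this name */
    return in_passwd_file(passwd_path, user) ? ACCT_LOCAL_FILE : ACCT_NSS_ONLY;
}

int main(int argc, char **argv)
{
    static const char *label[] = { "unresolvable via getpw*",
                                   "resolves, listed in local file",
                                   "resolves via NSS only" };
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], label[classify_account(argv[i], "/etc/passwd")]);
    return 0;
}
```

A name reported as unresolvable is the case described above: the account exists only on the RADIUS/TACACS+ side and no getpw* source knows it.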
More information about the openssh-unix-dev
mailing list