ssh daemon fails to call pam when user does not exist in /etc/passwd

Darren Tucker dtucker at zip.com.au
Tue Jun 15 19:33:13 EST 2004


Jayarama Vijay Kumar wrote:
> We recently upgraded to openssh-3.7.1p2.  Our architecture is
> ssh daemon uses pam module which sends request to remote
> radius/tacacs+ servers based on configuration.
> Now if I create the user in /etc/passwd, then ssh daemon calls pam and
> everything works fine.
> But if the user is not present in /etc/passwd, then ssh daemon is not
> calling pam. The debug log is given below. All these were working in
> prior versions.  Any idea why there is dependency on local user accounts?
> I have also given sshd's pam file

I posted a patch for this a while back (attached).  It's only been 
lightly tested but it's worth a try.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-chall2-no-leak.patch
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040615/c6299c7a/attachment.ksh 

