ssh daemon fails to call pam when user does not exist in /etc/passwd
Jayarama Vijay Kumar
jvijayku at cisco.com
Tue Jun 15 20:08:49 EST 2004
Darren Tucker wrote:
> Darren Tucker wrote:
> [about PAM without getpwnam()]
>
>> I posted a patch for this a while back (attached). It's only been
>> lightly tested but it's worth a try.
>
>
> Correction: this patch will cause PAM to be called for
> keyboard-interactive in that case (so it won't leak information about
> whether or not the account is permitted to log in) but it still won't
> actually permit the login.
>
I just tested the patch. Though it manages to call PAM, the login is not
completed. It looks like we need to somehow get non-local account info
through getpwnam.
Thanks for the help.
vijay