SSHD with PAM question
Ben Lindstrom
mouring at etoh.eviladmin.org
Thu Sep 23 07:48:19 EST 2004
On Wed, 22 Sep 2004, Bob Bramwell wrote:
> Greetings All,
>
> I am trying to get sshd to authenticate using PAM in a situation where there is
> no password entry (as found by getpwent et. al.) for a user. Setting:
^^^^^^^^^^^^^^^^^^^^^^^^^
If getpwent() doesn't find a user.. Then you can forget about using that
user.
[..]
>
> If one were to fix input_userauth_info_response to be a little more forgiving
> would that cause any grief, open any security holes, or whatever?
>Would anyone
> like to suggest a suitable approach to a fix? Does this sound like a
> good idea?
>
The correct fix is to teach your NSS code to look in the same place your
PAM code is looking. That way "getpwent" and friends return real
information.
- Ben
More information about the openssh-unix-dev
mailing list