SSHD with PAM question

Ben Lindstrom mouring at
Thu Sep 23 07:48:19 EST 2004

On Wed, 22 Sep 2004, Bob Bramwell wrote:

> Greetings All,
> I am trying to get sshd to authenticate using PAM in a situation where there is
> no password entry (as found by getpwent et. al.) for a user.  Setting:
If getpwent() doesn't find a user.. Then you can forget about using that

> If one were to fix input_userauth_info_response to be a little more forgiving
> would that cause any grief, open any security holes, or whatever?
>Would anyone
> like to suggest a suitable approach to a fix?  Does this sound like a
> good idea?

The correct fix is to teach your NSS code to look in the same place your
PAM code is looking. That way "getpwent" and friends return real

- Ben

More information about the openssh-unix-dev mailing list