SSHD with PAM question

Bob Bramwell bob at
Fri Sep 24 04:50:32 EST 2004

OK, I'll buy that.  However, fixing getpwent may not be practical on a system 
where I would like this to work, so I guess I have to do it right, or not do it. 
  Which brings up another question:  if I can't do anything useful when 
getpwent() doesn't find the user in question, why doesn't sshd simply abandon 
all attempts at authentication at that point?  Perhaps it should, in which case 
I would not be tempted even to try.  It seems pointless to invoke the PAM module 
and then prohibit it from talking to the user.


> Date: Wed, 22 Sep 2004 16:48:19 -0500 (CDT)
> From: Ben Lindstrom <mouring at>
> Subject: Re: SSHD with PAM question

> On Wed, 22 Sep 2004, Bob Bramwell wrote:
>>> Greetings All,
>>> I am trying to get sshd to authenticate using PAM in a situation where there is
>>> no password entry (as found by getpwent et. al.) for a user.  Setting:
> 			^^^^^^^^^^^^^^^^^^^^^^^^^
> If getpwent() doesn't find a user.. Then you can forget about using that
> user.
> ...
> The correct fix is to teach your NSS code to look in the same place your
> PAM code is looking. That way "getpwent" and friends return real
> information.
> - Ben

Bob Bramwell            Jasomi Networks (Canada) | This space
Ph: 403 269 2938 x155   #310 602 11th Ave SW     | intentionally
FX: 403 269 2993        Calgary, AB, T2R 1J8     | left blank.

More information about the openssh-unix-dev mailing list