SSHD with PAM question
Bob Bramwell
bob at jasomi.com
Fri Sep 24 04:50:32 EST 2004
OK, I'll buy that. However, fixing getpwent may not be practical on a system
where I would like this to work, so I guess I have to do it right, or not do it.
Which brings up another question: if I can't do anything useful when
getpwent() doesn't find the user in question, why doesn't sshd simply abandon
all attempts at authentication at that point? Perhaps it should, in which case
I would not be tempted even to try. It seems pointless to invoke the PAM module
and then prohibit it from talking to the user.
Tnx,
Bob.
> Date: Wed, 22 Sep 2004 16:48:19 -0500 (CDT)
> From: Ben Lindstrom <mouring at etoh.eviladmin.org>
> Subject: Re: SSHD with PAM question
> On Wed, 22 Sep 2004, Bob Bramwell wrote:
>
>>> Greetings All,
>>>
>>> I am trying to get sshd to authenticate using PAM in a situation where there is
>>> no password entry (as found by getpwent et al.) for a user. Setting:
> ^^^^^^^^^^^^^^^^^^^^^^^^^
> If getpwent() doesn't find a user.. Then you can forget about using that
> user.
> ...
> The correct fix is to teach your NSS code to look in the same place your
> PAM code is looking. That way "getpwent" and friends return real
> information.
>
> - Ben
--
Bob Bramwell Jasomi Networks (Canada) | This space
Ph: 403 269 2938 x155 #310 602 11th Ave SW | intentionally
FX: 403 269 2993 Calgary, AB, T2R 1J8 | left blank.
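
A way to test the condition Ben describes before debugging the PAM side, as an added example that is not part of the original thread and is not OpenSSH code: it asks NSS for an account by name, as the getpwent family does, and separates "no such entry" from a lookup failure. The function name `nss_resolves` and the default account `root` are assumptions made for the example.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Hypothetical helper: 1 if NSS resolves `user`, 0 if not, -1 on failure. */
int nss_resolves(const char *user, uid_t *uid_out)
{
    size_t len = 1024;
    char *buf = NULL;
    struct passwd pw, *res = NULL;
    int rc = 0;

    for (;;) {
        char *tmp = realloc(buf, len);
        if (tmp == NULL) { free(buf); return -1; }
        buf = tmp;
        rc = getpwnam_r(user, &pw, buf, len, &res);
        if (rc != ERANGE || len >= (1u << 20))
            break;
        len *= 2;               /* entry did not fit: retry with more room */
    }
    if (res != NULL && uid_out != NULL)
        *uid_out = pw.pw_uid;   /* copy out before the buffer is freed */
    free(buf);
    if (res != NULL)
        return 1;
    /* Some libcs report "not found" as ENOENT or ESRCH instead of 0. */
    if (rc == 0 || rc == ENOENT || rc == ESRCH)
        return 0;
    return -1;                  /* backend error, not a missing entry */
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "root";
    uid_t uid = 0;
    int r = nss_resolves(user, &uid);

    if (r == 1)
        printf("%s: passwd entry found via NSS (uid %lu)\n", user, (unsigned long)uid);
    else if (r == 0)
        printf("%s: no passwd entry via NSS; fix NSS before PAM\n", user);
    else
        printf("%s: NSS lookup failed\n", user);
    return r == 1 ? 0 : 1;
}
```

Run it as the same user and on the same host as sshd, since the result depends on that system's NSS configuration.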
More information about the openssh-unix-dev mailing list