SSH PAM authentication/login with a new user DB (through NSS)
Hosung Song
hosungs at gmail.com
Fri Feb 6 11:55:53 EST 2009
Thanks much for both of your suggestions. Tried PrivilegeSeparation off,
but it didn't work. I see there are now fewer child processes (just
[pam], without [net] and [priv]). I also noticed that it's the same
process which did "Accepted keyboard-interactive/pam for
hosungs at gmail.com" and "fatal: login_init_entry: Cannot find user "" ".
If it's the same process, I'm not sure why the username info is lost
somewhere...

Also tried pam-test-harness.c and it returned all Success when I tried
the ssh service with my PAM module and my email username.

Any more suggestions?

Thanks,
Hosung

Peter Stuge wrote:
> Christian Pfaffel-Janser wrote:
>>> Any of your expert comments would be greatly appreciated.
>> just a wild guess, does it work if You turn PriviledgeSeparation off.
>
> Yes, disabling PrivilegeSeparation (speling) might help for debugging
> but it's not a recommended general solution.
>
> Darren Tucker has written a PAM test harness that you could try with
> your PAM module to maybe get more information on what is going wrong.
>
> I found http://dtucker.freeshell.org/patches/pam-test-harness.c but
> am unsure if it is the very latest version. Darren?
>
>
> //Peter
>
More information about the openssh-unix-dev mailing list