Authenticating users from proprietary user databases
Darren Tucker
dtucker at zip.com.au
Tue Oct 6 06:23:23 EST 2009
Yaniv Aknin wrote:
[...]
> I'm not sure how to further handle this. Should I patch OpenSSH itself (oh
> god, please, no...)? Should I use some dynamic LD_PRELOAD concoction to
> 'rewrite' nsswitch.conf only for this sshd instance?
You could write those replacement functions for getpwnam() and friends
and just statically link them into application sshd. This is what we
already do with libopenbsd-compat when there's a broken native function
for which we have compat code (eg snprintf).
As long as the replacement functions provide the system-level accounts
that sshd expects (all I can think of is root and the privsep user) then
it should work, and should not require any patching (just feed configure
"--with-ldflags=-lyourlib").
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list