[Bug 1215] sshd requires entry from getpwnam for PAM accounts

bugzilla-daemon at mindrot.org
Tue Jul 24 03:42:00 EST 2012


--- Comment #15 from Matt Joyce <matt.joyce at cloudscaling.com> ---
(In reply to comment #14)
> I've never seen the point in duplicating functionality already in
> nsswitch and similar mechanisms just for PAM.

Well, not everyone has a full POSIX data set in their authentication /
identity management backend.  Also, not all of them have an NSS module.

I direct your attention to the 3000-some-odd emails on Google
pertaining to the PAM module for RADIUS and people who can no longer
use it without obscene workarounds.

In my case I am authenticating against a REST API in a cloud
environment so I can pass cloud API credentials to a VM for tight
integration to that API.  I feel like that sort of authentication is
pretty likely to occur in a number of areas.  And making the solution
portable has value.

Requiring a patched ssh or an NSS module that all but breaks the hell out
of getpwnam is pretty much terrible.

The way I see it, OpenSSH broke a bunch of stuff 6 years ago, has
received chronic complaints, and has basically ignored it.  And that's
not very cool or responsible.  This fix should never have gone in the
way it was written, and that speaks volumes as to the level of quality
control currently being held to.
