sshd & pam & getpwnam()
Gordon Tetlow
gordon at freebsd.org
Mon Jun 28 16:24:13 PDT 2004
On Sun, Jun 20, 2004 at 02:52:35PM +0400, Alexey Zagarin wrote:
> Hello!
>
> Does anybody know, why sshd call getpwnam() even if user is
> authenticating via PAM? This broke remote authentication (RADIUS,
> TACACS+) when user doesn't exist in local password database.
The user must exist in some sort of directory service in order to log
in. Services like krb5 (possibly RADIUS (I can't be bothered to look
it up)) don't have fields for assigning critical user information like
uid, gid, home directory, shell, .... What you are interested is
nsswitch against a remote directory service like NIS or LDAP.
-gordon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20040628/2ecb2804/attachment.bin
More information about the freebsd-hackers
mailing list