bugzilla-daemon at mindrot.org
2006-Oct-01 18:00 UTC
[Bug 1215] sshd requires entry from getpwnam for PAM accounts
http://bugzilla.mindrot.org/show_bug.cgi?id=1215 ------- Comment #3 from vadud3 at gmail.com 2006-10-02 04:00 ------- (In reply to comment #2)> Created an attachment (id=1171)--> (http://bugzilla.mindrot.org/attachment.cgi?id=1171&action=view) [edit]> make sshd handle when getpwnam doesn't know about the user but PAM does > > Updated patch (against 4.3p2). Leaks less (but still leaks) and copies > passwd struct when PAM changes the username (the old one should have, > but didn't). >Is it included in 4.4p1? If yes, is that mean user can ssh with pam auth success even if s/he do not have a local account? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2006-Oct-02 00:14 UTC
[Bug 1215] sshd requires entry from getpwnam for PAM accounts
http://bugzilla.mindrot.org/show_bug.cgi?id=1215 ------- Comment #4 from dtucker at zip.com.au 2006-10-02 10:14 ------- (In reply to comment #3)> Is it included in 4.4p1?No, it's not in 4.4p1. I'm still not convinced it's a good idea and it has not been tested or reviewed much.> If yes, is that mean user can ssh with pam > auth success even if s/he do not have a local account?If you apply the patch then yes, you should be able to log into a system using a username that does not exist in the local passwd file (or wherever's listed in nsswitch.conf) provided that PAM accepts the username, permits the login and maps PAM_USER to a name that does exist before the end of the authentication. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Seemingly Similar Threads
- [Bug 1215] sshd requires entry from getpwnam for PAM accounts
- [Bug 1215] sshd requires entry from getpwnam for PAM accounts
- [Bug 1215] sshd requires entry from getpwnam for PAM accounts
- [Bug 1215] sshd requires entry from getpwnam for PAM accounts
- [Bug 1215] sshd requires entry from getpwnam for PAM accounts