Hello. I have a linux-based system that acts as a cvs-server on an NT-domain. The cvs-repository is reached whith ssh. My comments are for version 1.2.2 (debian distribution 1.2.2-1). I made a pam-module for adding users automatically when they have been authorized by the pam_smb_auth. Problem is that sshd checks if the user exists in passwd before going to pam for authorization. I made a very nasty hack to sshd that changed the behaviour so that the pw-struct got some defaults instead of pw from getpwnam() if allowed_user() returns false. However, I would rather use a real version of sshd, so I suggest there be some changes made to allow for better PAM-usage. For that, the (or a) call to getpwnam() must be run AFTER pam has checked authorization and account (my pam_useradd is an account module). First, pw is sent by to start_pam(). start_pam() only uses pw->pw_name though, so I suggest sending in user instead of pw. Second, pw is used to compare uid if not running as root. This check I suppose could be done after auth_pam_password() ? If these changes aren't good for non-pam situations, maybe considering splitting it up more so that pam-users have a totally separate procedure? I haven't looked at it yet, but I guess RSA-authentication could be made a pam-module also? Regards, EOF PS: Please cc all replies to me, since I am not yet in the list (I subscribed another of my adresses and it had to go and ask the list administrator etc etc). DS.