bugzilla-daemon at mindrot.org
2005-Sep-07 21:42 UTC
[Bug 1081] AIX port does not support group allow/ deny via nss_ldap
http://bugzilla.mindrot.org/show_bug.cgi?id=1081
Summary: AIX port does not support group allow/ deny via nss_ldap
Product: Portable OpenSSH
Version: 3.9p1
Platform: PPC
OS/Version: AIX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy: paul.moore at centrify.com
if the platform does not support getgrouplist directly then sshd uses getgrent
to enumerate group membership (for group allow / deny). The AIX version of this
API only supports /etc/group and NIS and so the group features do not work with
other naming providers (nss_ldap say).
The AIX port should use getuserattr(user, S_GROUPS, ..), this uses NSS.
We can provide a candidate fix for this if needed.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Sep-08 00:22 UTC
[Bug 1081] AIX port does not support group allow/ deny via nss_ldap
http://bugzilla.mindrot.org/show_bug.cgi?id=1081 ------- Additional Comments From dtucker at zip.com.au 2005-09-08 10:22 ------- (In reply to comment #0)> The AIX port should use getuserattr(user, S_GROUPS, ..), this uses NSS. > > We can provide a candidate fix for this if needed.Sure, go ahead. I've not looked into AIX's NIS support (I don't use it) but it sounds like the right fix would be to implement a getgrouplist() in port-aix.c ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Apparently Analagous Threads
- [Bug 1081] AIX port does not support group allow/ deny via nss_ldap
- [Bug 543] sshd does not use AIX's setauthdb
- 2.2.1p1 / AIX 4.2.1.0.06 login nits
- AIX capabilities not set
- SAMBA configuration nightmare (AIX) - idmaps do not work (core dump), ldap/nss_ldap and pam fail