openssh bugs - Jun 2018 - [Bug 2877] New: Setting pam_set_item(PAM_USER, value) not honoured in ssh PAM

https://bugzilla.mindrot.org/show_bug.cgi?id=2877

            Bug ID: 2877
           Summary: Setting pam_set_item(PAM_USER, value) not honoured in
                    ssh PAM
           Product: Portable OpenSSH
           Version: 7.7p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: PAM support
          Assignee: unassigned-bugs at mindrot.org
          Reporter: bugs at mrvanes.com

My PAM module is user agnostic and knows about the authenticated user
on success. It is not necessary or even appreciated to supply the
username at login time and nss_ldap will take care of setting pwent on
success. openssh however, does not honour the new username that is set
using pam_set_item(PAM_USER, value) on success.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2877

--- Comment #1 from Martin <bugs at mrvanes.com> ---
To be more precise: with "not supplying username" at login time, I
mean
supplying a placeholder username that triggers the PAM module to
initiate external authentication configured as sufficient.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2877

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WONTFIX
                 CC|                            |djm at mindrot.org
             Status|NEW                         |RESOLVED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
OpenSSH doesn't support PAM changing the username used for
authentication. We don't have any intention to change this, sorry.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2877

--- Comment #3 from Martin <bugs at mrvanes.com> ---
With all due respect, these are the first-page search results for
'openssh pam_set_item PAM_USER':

https://www.redhat.com/archives/pam-list/2009-January/msg00002.html
https://github.com/globus/gsi-openssh
https://lists.mindrot.org/pipermail/openssh-unix-dev/2002-August/015217.html
https://wiki.moonshot.ja.net/download/attachments/6881896/openssh-nulluser-6.7p1.patch?version=1&modificationDate=1487091061000&api=v2
https://unix.stackexchange.com/questions/362510/unable-to-smuggle-data-in-username-using-custom-pam-module-input-userauth-requ/362697#362697
https://opensc.github.io/pam_pkcs11/doc/pam_pkcs11.html

Reconsidering your decisions is not a shame.

And yes, I'm free to maintain a fork, I know ;)

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2877

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.