I do not know have you have already fixed problem when both AllowUsers and
AllowGroups have been defined.
Source package was: openssh-2.1.1-p1 (rpm version)
Problem is described in this example:
AllowGroups admins ssh
AllowUsers testuser
testusers primary group is users
User cannot login because his primary group wasn't admins or ssh... I have
included patch for this in this message. Hope this was way you thinked it
supposed to work.
There is also problem with following case but I am looking for fix for it.
AllowGroups admins ssh
User testuser tries to login (he is primary member of users) who is member
of group ssh. Since code only tests against primary group user can't
login.
-------------- next part --------------
diff openssh-2.1.1p4/auth.c openssh-fixed/auth.c
55a56> int allow_users_ok = 0;
111a113,114> {
> allow_users_ok = 1;
112a116> }
135c139
< if (options.num_allow_groups > 0) {
---> if ((options.num_allow_groups > 0) && (!allow_users_ok)) {
