Zoltan Fridrich
2025-Oct-30  12:37 UTC
Fwd: [patch] new sshd_config directive CanonicalMatchUser
Hello,

I have worked on a similar issue to [1] for RHEL. I have created a patch that adds an sshd_config directive "CanonicalMatchUser" that makes sshd attempt to obtain a canonical username from a password database instead of directly using a user-provided username, which could be an alias, in which case the Match User condition in sshd_config would not evaluate to true even though the user is able to authenticate. This option would be especially useful for AD and LDAP users, where capitalizing letters in the username fails the Match User condition.

I am attaching a patch with the change, which I have also filed upstream [2].

Kind regards,
Zoltan

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=3853#c1
[2] https://github.com/openssh/openssh-portable/pull/604

-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh-canonical-match-user.patch
Type: application/x-patch
Size: 5061 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20251030/82720cde/attachment.bin>
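The mismatch described in the message above, as an added C illustration that is not taken from the attached patch or from OpenSSH: a case-sensitive Match User comparison run first on the name the client typed and then on the name the password database reports. The names `match_user`, `canon_fn` and both resolvers are hypothetical, the account list is constructed sample data, and `fnmatch(3)` stands in for sshd's own pattern matcher.

```c
#include <fnmatch.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical lookup hook: returns the canonical account name or NULL. */
typedef const char *(*canon_fn)(const char *login);

/* Real-system resolver: the name the password database reports (pw_name).
 * The pointer refers to getpwnam()'s static storage. */
const char *canon_from_passwd(const char *login)
{
    struct passwd *pw = getpwnam(login);
    return pw != NULL ? pw->pw_name : NULL;
}

/* Constructed stand-in for a directory backend that resolves names
 * case-insensitively, the AD/LDAP situation the message describes. */
const char *canon_from_sample_directory(const char *login)
{
    static const char *accounts[] = { "jdoe", "svc-backup" };
    for (size_t i = 0; i < sizeof(accounts) / sizeof(accounts[0]); i++)
        if (strcasecmp(login, accounts[i]) == 0)
            return accounts[i];
    return NULL;
}

/* Case-sensitive glob match of one Match User pattern. With canon == NULL
 * the name typed by the client is compared as-is; otherwise the resolved
 * name is compared, and a name that does not resolve never matches. */
int match_user(const char *pattern, const char *login, canon_fn canon)
{
    const char *name = login;
    if (canon != NULL && (name = canon(login)) == NULL)
        return 0;
    return fnmatch(pattern, name, 0) == 0;
}

int main(void)
{
    /* "JDoe" authenticates as jdoe in the sample directory. */
    printf("typed name:     %d\n", match_user("jdoe", "JDoe", NULL));
    printf("canonical name: %d\n",
        match_user("jdoe", "JDoe", canon_from_sample_directory));
    printf("passwd lookup:  %d\n",
        match_user("root", "root", canon_from_passwd));
    return 0;
}
```

When the typed name is compared, the settings inside the `Match User jdoe` block are not applied to that session even though it belongs to the same account.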