Displaying 1 result from an estimated 1 matches for "pam_do_not_exist".
2015 May 14
1
[Bug 2399] New: openssh server should fatal out when pam_setcred and pam_open_session fail
...e system has a PAM module configured for the auth PAM
stack that does not actually exist, OpenSSH still allows a user to log
in, if user authentication method is not keyboard-interactive or
password.
For example, in /etc/pam.d/other:
auth required pam_dhkeys.so.1
auth required pam_do_not_exist.so.1 <----------- bad
auth binding pam_unix_auth.so.1 server_policy
In the above situation, pam_setcred() does return an error, but
server only give a warning and still allow a user to log in if he/she
doesn't use keyboard-interacitve user auth.
This is not an expected behav...