search for: pam_do_not_exist

...e system has a PAM module configured for the auth PAM stack that does not actually exist, OpenSSH still allows a user to log in, if user authentication method is not keyboard-interactive or password. For example, in /etc/pam.d/other: auth required pam_dhkeys.so.1 auth required pam_do_not_exist.so.1 <----------- bad auth binding pam_unix_auth.so.1 server_policy In the above situation, pam_setcred() does return an error, but server only give a warning and still allow a user to log in if he/she doesn't use keyboard-interacitve user auth. This is not an expected behav...