search for: userdb_result_user_unknown

...} else { /* more userdbs, they may know the user */ auth_request_log_info(auth_request, "prefetch", "passdb didn't return userdb entries"); } callback(USERDB_RESULT_USER_UNKNOWN, auth_request); return; } is this really correct? if so it migth be a good idea to at least print different errors Tony

...uth_request_lookup_user (request=request at entry=0xb84b9218, callback=0xb77b5c80 <user_callback>) at auth-request.c:1141 userdb = 0xb84ae3e8 cache_key = <optimized out> #16 0xb77bac6d in auth_request_userdb_callback (result=<optimized out>, result at entry=USERDB_RESULT_USER_UNKNOWN, request=<optimized out>) at auth-request.c:1062 userdb = <optimized out> next_userdb = 0xb84ae3c8 result_rule = <optimized out> userdb_continue = <optimized out> #17 0xb77d091c in user_callback (reply=<optimized out>, context=0xb84b9218...

...would seem to be generally useful to be able to check GSSAPI logins against a deny passdb, but is this a valid code change? Alternatively, could the *userdbs* could be extended to cope with the idea of a deny form, since the GSSAPI login process already uses them (although it would have to return USERDB_RESULT_USER_UNKNOWN). Alternatively, does anyone have any other ideas about how I could achieve the same effect? Thanks for listening. Dominic. -- Dominic Hargreaves, Systems Development and Support Team Computing Services, University of Oxford