Date: Mon, 28 Jun 2004 16:23:31 -0700
From: Gordon Tetlow
To: Alexey Zagarin
Cc: freebsd-hackers@freebsd.org
Subject: Re: sshd & pam & getpwnam()
Message-ID: <20040628232331.GH10016@spiff.melthusia.org>
In-Reply-To: <40D56C73.8090806@emax.ru>

On Sun, Jun 20, 2004 at 02:52:35PM +0400, Alexey Zagarin wrote:
> Hello!
>
> Does anybody know why sshd calls getpwnam() even if the user is
> authenticating via PAM? This broke remote authentication (RADIUS,
> TACACS+) when the user doesn't exist in the local password database.

The user must exist in some sort of directory service in order to log in.
Services like krb5 (possibly RADIUS (I can't be bothered to look it up))
don't have fields for assigning critical user information like uid, gid,
home directory, shell, .... What you are interested in is nsswitch against
a remote directory service like NIS or LDAP.

-gordon