[Bug 1215] sshd requires entry from getpwnam for PAM accounts
http://bugzilla.mindrot.org/show_bug.cgi?id=1215





------- Comment #3 from vadud3@gmail.com 2006-10-02 04:00 -------
(In reply to comment #2)
> Created an attachment (id=1171)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1171&action=view)
> make sshd handle when getpwnam doesn't know about the user but PAM does
>
> Updated patch (against 4.3p2). Leaks less (but still leaks) and copies
> passwd struct when PAM changes the username (the old one should have,
> but didn't).
>

Is it included in 4.4p1? If yes, does that mean a user can ssh with PAM
auth success even if s/he does not have a local account?




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-bugs

------- Comment #4 from dtucker@zip.com.au 2006-10-02 10:14 -------
(In reply to comment #3)
> Is it included in 4.4p1?

No, it's not in 4.4p1. I'm still not convinced it's a good idea and it
has not been tested or reviewed much.

> If yes, does that mean a user can ssh with PAM
> auth success even if s/he does not have a local account?

If you apply the patch then yes, you should be able to log into a
system using a username that does not exist in the local passwd file
(or wherever's listed in nsswitch.conf) provided that PAM accepts the
username, permits the login and maps PAM_USER to a name that does exist
before the end of the authentication.
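The lookup order described in comment #4, as an added example that is not part of the thread and is not the code of attachment 1171 or of OpenSSH: the account is resolved from the final PAM_USER value and deep-copied, and the login fails closed when that name has no entry. The names `login_pw`, `lookup_copy` and `resolve_login_user` are hypothetical, and the caller is assumed to have already read PAM_USER after authentication finished.

```c
/* Added illustration; not OpenSSH code. All names here are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Caller-owned copy of the passwd fields a login needs. */
struct login_pw {
    char *name, *dir, *shell;
    uid_t uid;
    gid_t gid;
};

void login_pw_free(struct login_pw *lp) {
    if (lp == NULL) return;
    free(lp->name); free(lp->dir); free(lp->shell); free(lp);
}

/* Look up `name` and deep-copy the entry; NULL if the account is unknown.
 * getpwnam() hands back static storage that a later lookup overwrites, so
 * the reentrant call is used and the strings are duplicated right away. */
struct login_pw *lookup_copy(const char *name) {
    struct passwd pw, *res = NULL;
    char buf[16384];
    if (name == NULL ||
        getpwnam_r(name, &pw, buf, sizeof(buf), &res) != 0 || res == NULL)
        return NULL;
    struct login_pw *lp = calloc(1, sizeof(*lp));
    if (lp == NULL) return NULL;
    lp->name = strdup(res->pw_name);
    lp->dir = strdup(res->pw_dir ? res->pw_dir : "");
    lp->shell = strdup(res->pw_shell ? res->pw_shell : "");
    lp->uid = res->pw_uid; lp->gid = res->pw_gid;
    if (!lp->name || !lp->dir || !lp->shell) { login_pw_free(lp); return NULL; }
    return lp;
}

/* `requested` is the name the client sent and may be unknown locally.
 * `pam_user` is the PAM_USER value at the end of authentication (assumed to
 * be supplied by the caller). Only the final name decides the session
 * identity; if it has no account, the result is NULL and the login is denied. */
struct login_pw *resolve_login_user(const char *requested, const char *pam_user) {
    const char *final_name = (pam_user && *pam_user) ? pam_user : requested;
    return lookup_copy(final_name);
}
```

The returned uid and gid belong to the mapped account, not to the name typed by the client, which is the property to check when auditing a PAM stack that rewrites PAM_USER.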