List: freebsd-hackers
Subject: Re: sshd & pam & getpwnam()
From: Danny Braniss <danny () cs ! huji ! ac ! il>
Date: 2004-06-29 6:39:28
Message-ID: 20040629063937.4D16843D31 () mx1 ! FreeBSD ! org
> Sun, Jun 20, 2004 at 14:52:35, zagarin wrote about "sshd & pam & getpwnam()":
>
> > Does anybody know why sshd calls getpwnam() even if the user is
> > authenticating via PAM? This broke remote authentication (RADIUS,
> > TACACS+) when the user doesn't exist in the local password database.
>
> Because you mix two different things - the user directory (in modern unixes
> including 5.* it is implemented as NSS) and authentication (implemented as PAM).
> To log in with sshd, the user must be known in the passwd database; if sshd
> allowed a user to log in without an account, it would not be sshd but
> something else.
>
> To allow remote user lists, use NIS; for now it is the only working
> and well-tested mechanism to spread the user list (passwd.*) across many systems.
> See "YP/NIS INTERACTION" in passwd(5) for details.
>
not 100% true, dns/hesiod works great.
my 5 cents,
danny
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
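
The account lookup discussed in this thread, as an added example that is not part of the original messages and is not sshd source: it resolves a login name through getpwnam_r(), which is answered by the passwd database / NSS regardless of what PAM would say, and separates "no such account" from a lookup failure. The helper name account_known() is hypothetical.

```c
/* Added illustration, not sshd code: the account lookup goes through
 * getpwnam_r() (NSS) and is independent of any PAM authentication result. */
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Returns 1 if the passwd database/NSS knows the account, 0 if it does
 * not, -1 on a lookup error. account_known() is a hypothetical name. */
int account_known(const char *name)
{
    struct passwd pw, *result = NULL;
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
    size_t len = hint > 0 ? (size_t)hint : 1024;
    char *buf = NULL;
    int rc;

    if (name == NULL || *name == '\0')
        return 0;
    for (;;) {
        char *tmp = realloc(buf, len);
        if (tmp == NULL) { free(buf); return -1; }
        buf = tmp;
        rc = getpwnam_r(name, &pw, buf, len, &result);
        if (rc != ERANGE)
            break;
        if (len > (1u << 20)) { free(buf); return -1; } /* give up at 1 MiB */
        len *= 2;               /* entry did not fit: grow and retry */
    }
    free(buf);
    if (result != NULL)
        return 1;
    /* rc == 0 with no result means "no such entry"; some backends report
     * the same condition as ENOENT or ESRCH. Anything else is a failure. */
    return (rc == 0 || rc == ENOENT || rc == ESRCH) ? 0 : -1;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "root";
    int known = account_known(name);
    printf("%s: %s\n", name,
           known == 1 ? "known to passwd/NSS"
           : known == 0 ? "no account, so a PAM success alone is not enough"
           : "lookup error");
    return known == 1 ? 0 : 1;
}
```

Run against a name that exists only on the RADIUS or TACACS+ server, this reports no account until a directory source for passwd (NIS, Hesiod or another NSS backend) supplies the entry.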