Sun, Jun 20, 2004 at 14:52:35, zagarin wrote about "sshd & pam & getpwnam()":
> Does anybody know why sshd calls getpwnam() even if the user is
> authenticating via PAM? This broke remote authentication (RADIUS,
> TACACS+) when the user doesn't exist in the local password database.

Because you mix two different things: the user directory (in modern Unixes, including 5.*, it is implemented as NSS) and authentication (implemented as PAM). To log in with sshd, the user must be known in the passwd database; if sshd allowed a user to log in without an account, it would not be sshd, but something else.

To allow remote user lists, use NIS; for now it is the only working and well-tested mechanism to spread the user list (passwd.*) across many systems. See "YP/NIS INTERACTION" in passwd(5) for details.

-netch-
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
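The account lookup that the reply says must succeed independently of PAM can be checked per host with a small diagnostic. This is an added example, not code from the thread or from sshd; the function name `nss_account_known` is hypothetical, and it uses the reentrant `getpwnam_r()` rather than `getpwnam()`.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Hypothetical helper: 1 if `name` resolves in the passwd database through
 * whatever NSS sources are configured, 0 if the account is unknown, -1 if
 * the lookup itself failed. PAM is never consulted here. */
int nss_account_known(const char *name, uid_t *uid_out)
{
    struct passwd pw, *res = NULL;
    size_t len = 1024;
    char *buf = NULL;
    int rc, found = -1;

    for (;;) {
        char *nbuf = realloc(buf, len);
        if (nbuf == NULL) { free(buf); return -1; }
        buf = nbuf;
        rc = getpwnam_r(name, &pw, buf, len, &res);
        if (rc != ERANGE || len > (1u << 20))
            break;                 /* done, or entry is implausibly large */
        len *= 2;                  /* ERANGE: buffer too small, retry */
    }
    if (res != NULL) {
        if (uid_out != NULL) *uid_out = pw.pw_uid;
        found = 1;
    } else if (rc == 0 || rc == ENOENT || rc == ESRCH) {
        found = 0;                 /* "no such user", not an error */
    }
    free(buf);
    return found;
}

int main(int argc, char **argv)
{
    int missing = 0;
    for (int i = 1; i < argc; i++) {
        uid_t uid = 0;
        int r = nss_account_known(argv[i], &uid);
        if (r == 1)
            printf("%s: in passwd database (uid %lu)\n", argv[i], (unsigned long)uid);
        else if (r == 0) {
            printf("%s: unknown to NSS; RADIUS/TACACS+ via PAM alone is not enough\n", argv[i]);
            missing++;
        } else
            printf("%s: passwd lookup failed\n", argv[i]);
    }
    return missing ? 1 : 0;
}
```

Run it with the usernames that the remote authentication server accepts; any name reported as unknown needs an entry from a passwd source such as NIS before sshd can log it in.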

