SSH and no-account logins

From: Inger, Slav (S.B.) (vinger_at_ford.com)
Date: 01/30/04

    To: "'secureshell@securityfocus.com'" <secureshell@securityfocus.com>
    Date: Fri, 30 Jan 2004 11:19:14 -0500
    
    

    Hello,

    I'm looking for a way to enable accounts that do not have an account on the
    machine to log in via SSH. Or in other words, I'd like sshd to pass the
    username to PAM without rejecting the login attempt outright. I wrote a
    custom PAM module which is supposed to intercept any login attempt and
    decide what to do based on whether the account exists. When a user with no
    local account tries to log in, sshd presents a password prompt to that user,
    but apparently goes no further since control is never passed to PAM 'auth'
    modules. Thanks.

