On Wed, 2018-01-03 at 15:37 +0530, Sudarshan Soma wrote: > Thanks Jakub. so sshd will check nsswitch.conf before refering to > /etc/passwd file. . No, SSHD does not read these files directly. It uses standard/high- level functions such as getpwnam() in Linux to verify existence of the user. > Does sssd/NSS has a way to fetch user names from sources like > RADIUS/TACACS server? Probably. But I do not have a lot of experience with it. > We wanted to enable RADIUS/TACACS Authentication using PAM and > enabling PAM > in sshd. > > > Regards, > Ivan > > On Wed, Jan 3, 2018 at 2:34 PM, Jakub Jelen <jjelen@xxxxxxxxxx> > wrote: > > > On Wed, 2018-01-03 at 13:50 +0530, Sudarshan Soma wrote: > > > HI, I do see some refernce on it: but seems not closed > > > https://marc.info/?l=secure-shell&m=115513863409952&w=2 > > > > > > http://bugzilla.mindrot.org/show_bug.cgi?id=1215 > > > > > > > > > Is this patch available in latest versions, 7.6? > > > > No. It never was. > > > > The SSSD is using NSS (Name Service Switch) [1] way of getting > > credentials. It allows to get them from many sources. > > > > [1] https://en.wikipedia.org/wiki/Name_Service_Switch > > > > Regards, > > Jakub > > > > > On Wed, Jan 3, 2018 at 1:48 PM, Sudarshan Soma <sudarshan12s@gmai > > > l.co > > > m> > > > wrote: > > > > > > > Hi I am trying to write pam_radius module which talks to RADIUS > > > > server for > > > > aaa. > > > > > > > > I see sshd checks /etc/passwd for user list. Since RADIUS > > > > server > > > > has user > > > > list, can sshd ignore this check for RADIUS/TACACS+ > > > > authentication, > > > > Please > > > > suggest if there are any flags to control it. > > > > > > > > I am using the following versions. > > > > OpenSSH_6.6p1, OpenSSL 1.0.2n 7 Dec 2017 > > > > > > > > I see sssd (NAS) being used for such use cases, how does sshd > > > > ignore > > > > /etc/passwd in those cases. > > > > Please suggest > > > > > > > > Regards, > > > > Ivan. > > > > > > > > > > _______________________________________________ > > > openssh-unix-dev mailing list > > > openssh-unix-dev@xxxxxxxxxxx > > > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > > > > -- > > Jakub Jelen > > Software Engineer > > Security Technologies > > Red Hat, Inc. > > -- Jakub Jelen Software Engineer Security Technologies Red Hat, Inc. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev