On Wed, 18 Apr 2001, Nicolas Williams wrote: > > I would certainly call this a bug (except in modules like, say, pam_unix). > > Not something that we can't fix without replacing getpwnam(). :) > Ok. I guess that means I should rip out all references to getpwnam() in > PAM_KRB5... Should be easy enough :) Hey, I'm game if you are. :) I do in fact think this is a good idea; I can't think of any reason that pam_krb5 should need to verify that the user exists locally in order to do authentication. Even if we remove all direct calls to getpwnam() from the authentication side of the module, there's still a getpwnam() call being done for us in the account management stuff that we can't avoid: how do you check the .k5login file for a user whose homedir you can't find? But maybe that's ok. Steve Langasek postmodern programmer
