Hello Joel, On Thu, 10 May 2001, Joel Dudley wrote: > Hello all, > I hae a strange problem with ssh and pam. Her is my pam config for SSH. > auth sufficient pam_unix.so > auth required pam_pgsql.so host=db0 database=doldb user=postgres table=dol_user user_column=login_name pwd_column=password debug > account sufficient pam_unix.so > account required pam_tcontrol.so > account required pam_pgsql.so host=db0 database=doldb user=postgres table=dol_user user_column=login_name pwd_column=password debug > password sufficient pam_unix.so md5 > password required pam_pgsql.so host=db0 database=doldb user=postgres table=dol_user user_column=login_name pwd_column=password debug > session optional pam_mkhomedir.so > That pam_tcontrol module was written by yours truely and works just fine. > However, wehn I allow the > account sufficient pam_unix.so > ssh will hit the pam_unix.so module and skip over my module and go straight > to the pam_pgsql module. When I comment out the > account sufficient pam_unix.so > then pam hits my module like it should and then goes to pam_pgsql. The > reason I have it set up this way is to provide a failsafe account in > /etc/passwd that can log on to the machine in case the database becomes > unavailable. Why would sshd jump from pam_unix to pam_pgsql and skip my > module? Thanks for taking the time to read my post. SSH doesn't have control over the processing of the PAM config file; this is all handled by libpam. Needless to say, it's not typical for PAM to skip over a module in the stack in the way that you describe. Is it possible that pam_unix is returning success? In that case, neither your module nor pam_pgsql would be called. Steve Langasek postmodern programmer
