On Thu, Jan 08, 2009 at 09:06:30PM +0300, Dan Yefimov wrote:
>> BUT the log says that 'anonymous' is not a valid user and it doesn't log
>> as 'system'. My questions are:
>>  * Despite the fact that I have created 'anonymous' as user, I
>>    haven't been capable of mapping the user 'system' with PAM.
>>  * I have taken a look at NSS (which is one of the solutions given
>>    in the previously mentioned thread) and don't know how it fits
>>    in this structure. Am I wrong?
>>  * Is it OpenSSH's fault, because it seems that it doesn't take into
>>    account the change of user?
>>  * Is user mapping possible in this structure (OpenSSH + PAM)?

> That is a feature of OpenSSH. It is OpenSSH that is responsible for
> setting UID/GID and supplementary GIDs before starting user session.
> pam_set_item(pamh, PAM_USER, "system") sets only user name PAM is
> authenticating as, but OpenSSH doesn't check whether PAM_USER was changed
> during pam_authenticate() or not. Questions about OpenSSH are more
> appropriate in their mailing list.

It is true that OpenSSH is responsible for setting the ids; I would,
however, note that I think it's a (low-priority) bug in the PAM
implementation of OpenSSH that it doesn't honor username mappings from the
PAM stack.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@xxxxxxxxxx                                     vorlon@xxxxxxxxxx

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
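
An added example, not part of the original message and not OpenSSH's code: how a PAM-aware application can honor a username mapping by reading PAM_USER back after authentication and resolving the session account from that name. The function names `resolve_session_account` and `session_account_from_pam` and the `WITH_LIBPAM` build switch are hypothetical; the libpam calls are the standard Linux-PAM application API.

```c
/* Added example, not OpenSSH code. Build the PAM glue with:
 *   cc -DWITH_LIBPAM -c remap.c   (link the application with -lpam)
 * Without -DWITH_LIBPAM only the libc-based lookup is compiled. */
#include <pwd.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

/* Resolve the account the session must run as.
 * requested: name the client asked for (e.g. "anonymous").
 * pam_user:  PAM_USER as read back after pam_authenticate(); a module may
 *            have replaced it (e.g. with "system"). NULL if unavailable.
 * Returns 0 and fills *uid / *gid, or -1 (fail closed) when the effective
 * name has no passwd entry. *remapped reports whether a mapping applied. */
int resolve_session_account(const char *requested, const char *pam_user,
                            uid_t *uid, gid_t *gid, int *remapped)
{
    const char *effective = requested;
    *remapped = 0;
    if (requested == NULL)
        return -1;
    if (pam_user != NULL && pam_user[0] != '\0' &&
        strcmp(pam_user, requested) != 0) {
        effective = pam_user;       /* honor the stack's mapping */
        *remapped = 1;
    }
    /* getpwnam() goes through NSS, so the mapped name must exist there. */
    struct passwd *pw = getpwnam(effective);
    if (pw == NULL)
        return -1;                  /* never fall back to the requested name */
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

#ifdef WITH_LIBPAM
#include <security/pam_appl.h>

/* Call after pam_authenticate() and pam_acct_mgmt() returned PAM_SUCCESS,
 * and before any setgid()/initgroups()/setuid(). */
int session_account_from_pam(pam_handle_t *pamh, const char *requested,
                             uid_t *uid, gid_t *gid, int *remapped)
{
    const void *item = NULL;
    if (pam_get_item(pamh, PAM_USER, &item) != PAM_SUCCESS)
        return -1;
    return resolve_session_account(requested, (const char *)item,
                                   uid, gid, remapped);
}
#endif
```

The `remapped` flag is worth logging alongside both names, so an audit trail shows which identity was requested and which one the session actually ran as.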