A solution for PAM with nonexistent user

Matt Johnston matt at ucc.asn.au
Mon May 13 21:34:00 WST 2013


Hi,

It looks like a useful patch for some customised
applications, though I'm not sure that it's worth including
in the general program. 

Cheers,
Matt

On Fri, May 03, 2013 at 02:44:21PM +0800, Yuan-Yi Chang wrote:
> Hi,
> 
> After configuring with --enable-pam and modifying the option.h:
> 
> //#define ENABLE_SVR_PASSWORD_AUTH
> #define ENABLE_SVR_PAM_AUTH
> 
> Dropbear would then have the PAM functionality.
> 
> When I used the PAM module to pass the account login flow, I got the
> message: "Login attempt for nonexistent user". I know there should be a
> white list for most popular applications, but I still think there is another
> way for convenient usage on Dropbear.
> 
> Here is a patch to choose a system account for a nonexistent user in PAM
> mode (the coding style of this patch may not be good enough):
> https://github.com/changyy/dropbear-cmake/blob/master/dropbear-2013.58-pam-nonexistent-user-handle.patch
> 
> $ /path/dropbear -h
> ...
> -c username choose a system account for nonexistent user at PAM mode
> ...
> 
> $ cat /etc/pam.d/sshd
> auth required /path/pam_myway.so
> account required /path/pam_myway.so
> $ /path/dropbear -p 222 -r /path/testkey -c root -E -F
> 
> If the login account is a nonexistent user, it would choose the "root" account to use.
> 
> Best Regards,
> Yuan-Yi Chang
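
An added illustration, not code from the linked patch or from Dropbear: the fallback lookup described in the quoted message, written so that a fallback account resolving to uid 0 is refused. The name `map_login`, its enum, and the uid 0 refusal are assumptions of this example, not behaviour of the patch.

```c
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>

/* Outcome of mapping an SSH login name to a local account. */
enum map_result { MAP_REAL_USER, MAP_FALLBACK, MAP_REJECT };

/*
 * Hypothetical helper (not Dropbear's API): look up `login`; if it has no
 * passwd entry, map it to `fallback` (the account given with -c).
 * Assumption of this example: a fallback that resolves to uid 0 is refused,
 * so a name known only to the PAM module never silently becomes root.
 */
enum map_result map_login(const char *login, const char *fallback,
                          uid_t *uid_out)
{
    struct passwd *pw;

    if (login == NULL || *login == '\0')
        return MAP_REJECT;

    pw = getpwnam(login);
    if (pw != NULL) {                   /* ordinary case: real system account */
        *uid_out = pw->pw_uid;
        return MAP_REAL_USER;
    }
    if (fallback == NULL)               /* no fallback configured: reject */
        return MAP_REJECT;

    pw = getpwnam(fallback);
    if (pw == NULL || pw->pw_uid == 0)  /* missing or privileged fallback */
        return MAP_REJECT;

    *uid_out = pw->pw_uid;
    return MAP_FALLBACK;
}

/* usage: ./map_login <login> [fallback] */
int main(int argc, char **argv)
{
    uid_t uid = 0;
    enum map_result r = map_login(argc > 1 ? argv[1] : "",
                                  argc > 2 ? argv[2] : NULL, &uid);
    if (r == MAP_REJECT) { puts("reject"); return 1; }
    printf("%s uid=%lu\n", r == MAP_FALLBACK ? "fallback" : "real",
           (unsigned long)uid);
    return 0;
}
```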

