A solution for PAM with nonexistent user
Yuan-Yi Chang
changyy.csie at gmail.com
Fri May 3 14:44:21 WST 2013
Hi,
After configured with --enable-pam and modified the option.h:
//#define ENABLE_SVR_PASSWORD_AUTH
#define ENABLE_SVR_PAM_AUTH
The Dropbear would be with the PAM functionality.
When I used the PAM module to pass the account login flow, but I got the
message: "Login attempt for nonexistent user". I know there should be a
white list for most popular applications, I still think there is another
way for convenience usage on Dropbear.
There is a patch for choose a system account for nonexistent user at PAM
mode (The coding style of this patch may not good enough):
https://github.com/changyy/dropbear-cmake/blob/master/dropbear-2013.58-pam-nonexistent-user-handle.patch
$ /path/dropbear -h
...
-c username choose a system account for nonexistent user at PAM mode
...
$ cat /etc/pam.d/sshd
auth required /path/pam_myway.so
account required /path/pam_myway.so
$ /path/dropbear -p 222 -r /path/testkey -c root -E -F
If login account is nonexistent user, it would choose "root" account to use.
Best Regards,
Yuan-Yi Chang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20130503/6ab8eb56/attachment.htm
More information about the Dropbear
mailing list