Re: [RFC][PATCH] Detect and handle PAM changing user name (OpenSSH Development)
James R. Leu wrote:
> I've implemented a patch to openssh which allows the PAM auth layer
> to detect if the PAM stack has changed the user name and then adjusts
> its internal data structures accordingly. (imagine a PAM stack that
> uses individual credentials to authenticate, but assigns the user to
> a role account).
>
> First, is the openssh community interested in this patch?

Maybe. I'm not convinced it's the right thing to do, though.

> Second, if there is interest in the patch, how do I go about
> submitting the patch for formal review?

Attach it to http://bugzilla.mindrot.org/show_bug.cgi?id=1215, but from a brief look it appears your patch is a subset of the one already there (which also handles the case where the user doesn't exist on the system, normally this would get the login marked as invalid).

> Third, regardless of interest by the openssh community, is there
> anyone willing to review this code for me?
>
> PS I've tested the code path going through sshpam_auth_passwd(),
> but do know how to test the code path that goes through sshpam_thread().

Use ChallengeResponseAuthentication.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.