[Samba] PAM sending wrong username to Winbind (fwd)

Andrew Bartlett abartlet at samba.org
Sun Jan 2 03:46:57 GMT 2005

On Tue, 2004-12-28 at 21:06 +1100, Chew, Darren wrote:
> Hi All,
> I have tried logging into ftp using my NT username and password and it 
> works. It is only SSH which has this problem.

Yes, this is part of a misguided attempt by OpenSSH's PAM code to avoid
giving away 'username ok, but wrong password' errors to remote
attackers.  I think it actually gave away more information than it hid,
and I know at the very least this code has changed over a number of
OpenSSH versions.  

Try the latest OpenSSH, and ensure that 'getpwnam domain\user' works, as
OpenSSH does this when it thinks the username is invalid.

Andrew Bartlett

Andrew Bartlett                                 abartlet at samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050102/7aa3edb2/attachment.bin

More information about the samba mailing list