[Samba] PAM sending wrong username to Winbind (fwd)
Andrew Bartlett
abartlet at samba.org
Sun Jan 2 03:46:57 GMT 2005
On Tue, 2004-12-28 at 21:06 +1100, Chew, Darren wrote:
> Hi All,
>
> I have tried logging into ftp using my NT username and password and it
> works. It is only SSH which has this problem.
Yes, this is part of a misguided attempt by OpenSSH's PAM code to avoid
giving away 'username ok, but wrong password' errors to remote
attackers. I think it actually gave away more information than it hid,
and I know at the very least this code has changed over a number of
OpenSSH versions.
Try the latest OpenSSH, and ensure that 'getpwnam domain\user' works, as
OpenSSH does this when it thinks the username is invalid.
Andrew Bartlett
--
Andrew Bartlett abartlet at samba.org
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050102/7aa3edb2/attachment.bin
More information about the samba
mailing list