Hi, thanks for the library. I'm uncertain as to the state of the library, but I've been trying to put it to use. I have a use case where I'd like a cluster of FTP/SFTP servers authenticating users off an Auth0 tenant.
What I'm running into is that users are not recognized as valid before the password is even attempted:
```
$ tail -f /var/log/auth*
$ ssh ftpuser@localhost
==> /var/log/auth.log <==
Mar 8 02:51:15 jrc-ftptest sshd[6810]: Invalid user ftpuser from ::1 port 53020
Mar 8 02:51:15 jrc-ftptest sshd[6810]: input_userauth_request: invalid user ftpuser [preauth]
Mar 8 02:51:15 jrc-ftptest sshd[6810]: Postponed keyboard-interactive for invalid user ftpuser from ::1 port 53020 ssh2 [preauth]
```
The above logs are prior to a password being input.
When a password is supplied:
```
==> /var/log/auth0-pam.log <==
*** Sun Mar 8 02:51:21 2020
==> /var/log/auth.log <==
Mar 8 02:51:21 jrc-ftptest sshd[6813]: pam_exec(sshd:auth): execve(/var/lib/auth0/pam,...) failed: Permission denied
Mar 8 02:51:21 jrc-ftptest sshd[6812]: pam_exec(sshd:auth): /var/lib/auth0/pam failed: exit code 13
Mar 8 02:51:21 jrc-ftptest sshd[6810]: Postponed keyboard-interactive/pam for invalid user ftpuser from ::1 port 53020 ssh2 [preauth]
Mar 8 02:51:21 jrc-ftptest sshd[6810]: Failed keyboard-interactive/pam for invalid user ftpuser from ::1 port 53020 ssh2
Mar 8 02:51:21 jrc-ftptest sshd[6810]: Postponed keyboard-interactive for invalid user ftpuser from ::1 port 53020 ssh2 [preauth]
```
I see in your repo you use something called 'extrausers'; however, I'm not clear how this plays a role. I do not wish to keep a local record of all potential Auth0 users who may log in.
Appreciate any help/advice you're able to offer as I seek to put this to use.
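
Added example, not part of the original issue or the library's code: a triage of the `auth.log` lines quoted above that separates the two independent conditions they show (an account name the host cannot resolve, and a `pam_exec` helper that could not be executed), plus a local check of both. The function names are hypothetical, and reading the exit code as an errno value is an assumption that the "Permission denied" text on the `execve` line is consistent with.

```python
import errno
import os
import pwd
import re

# Lines copied from the auth.log excerpt in the issue above.
SAMPLE = """\
Mar 8 02:51:15 jrc-ftptest sshd[6810]: Invalid user ftpuser from ::1 port 53020
Mar 8 02:51:21 jrc-ftptest sshd[6813]: pam_exec(sshd:auth): execve(/var/lib/auth0/pam,...) failed: Permission denied
Mar 8 02:51:21 jrc-ftptest sshd[6812]: pam_exec(sshd:auth): /var/lib/auth0/pam failed: exit code 13
Mar 8 02:51:21 jrc-ftptest sshd[6810]: Failed keyboard-interactive/pam for invalid user ftpuser from ::1 port 53020 ssh2
"""

INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user (\S+) from (\S+) port \d+")
EXEC_FAILED = re.compile(r"pam_exec\(([^)]+)\): execve\(([^,]+),\.\.\.\) failed: (.+)$")
EXIT_CODE = re.compile(r"pam_exec\(([^)]+)\): (\S+) failed: exit code (\d+)")


def triage(text):
    """Return de-duplicated (kind, detail) findings in order of appearance."""
    findings = []
    for line in text.splitlines():
        if m := INVALID_USER.search(line):
            # sshd could not resolve the name through the system account
            # database, so it marks the user invalid before PAM auth runs.
            item = ("unknown_account", {"user": m.group(1), "source": m.group(2)})
        elif m := EXEC_FAILED.search(line):
            item = ("helper_exec_failed", {"path": m.group(2), "reason": m.group(3)})
        elif m := EXIT_CODE.search(line):
            code = int(m.group(3))
            # Assumption: the exit code carries the errno of the failed execve.
            name = errno.errorcode.get(code, "unknown")
            item = ("helper_exit", {"path": m.group(2), "code": code, "errno_name": name})
        else:
            continue
        if item not in findings:
            findings.append(item)
    return findings


def local_state(user, helper):
    """Check both conditions on this host for a given account and helper path."""
    try:
        pwd.getpwnam(user)          # same account lookup sshd depends on
        resolves = True
    except KeyError:
        resolves = False
    # os.access answers for the calling user; run as the account that invokes the helper.
    return {"account_resolves": resolves, "helper_executable": os.access(helper, os.X_OK)}
```

Calling `local_state("ftpuser", "/var/lib/auth0/pam")` on the affected host shows whether either condition is still present after a change.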