What are "pam_unix(sshd:auth): check pass; user unknown" messages in system log?

Categories: SteelHead
Solution Number: S18223


When INFO level logging is enabled, in some scenarios when RADIUS/TACACS is used in combination with local login, pam_unix(sshd:auth): check pass; user unknown messages are seen in system logs


This is normal and expected behaviour on all RiOS releases. By default, SSH allows empty passwords for user logins. This means that every single user on SSH login is matched against local database with empty password. If user is found but password is set, system log will report authentication failure and user will be prompted for password. If user is not found localy because it exists in RADIUS or TACACS database, system log will report pam_unix(sshd:auth): check pass; user unknown and user will be again prompted for password and later checked against RADIUS/TACACS database.


All RiOS releases

NOTICE: Riverbed® product names have changed. Please refer to the Product List for a complete list of product names.
Last Modified: 2013-09-26
Can't find an answer? Create a case