I know this question has been asked several times over the years
but I have not seen a definitive answer/solution if one exists. If one
does not exist or I need to develop one, then I can stop looking! I am
attempting to integrate a Tacacs+ PAM with OpenSSH. I would like to
have the PAM authenticate the User ID as well as the password. Thus the
users do not exist in /etc/passwd. I am not using NIS or any other
system for user ids. The Tacacs server is the only place the user ids
exist. Ultimately when the user authenticates via Tacacs, I will switch
the user to a known user in /etc/passwd and provide the logging in user
with a specific TTY interface via the shell. When attempting this on
linux with OpenSSH 4.3p2 compiled with with_pam and seemingly the
correct sshd_config options, I received the infamous "Invalid user"
debug messages. Is this possible with the current OpenSSH and/or some
patch for it?

Thanks in advance,
Gary