[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP sshd problem... Did you ever fix?



On Wed, 2003-10-08 at 20:20, Steven J. Sobol wrote:
> Hi there,
> 
> I'm seeing a similar problem to the one you posted about a couple months 
> ago. I found your post on the PADL pam_ldap archive. I modified the 
> system_auth service instead of modifying sshd, but with the same results. 
> Did you ever come up with a solution?? Thanks

Hi Steven,

I forget the specifics, but it has been working fine for awhile.  Others
have asked me the same question, so I CC'd the list.

Here's my /etc/pam.d/sshd:

auth       required     pam_stack.so service=system-auth
auth       required     pam_shells.so
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth

Here's my /etc/pam.d/system-auth:

auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_ldap.so
auth       sufficient   /lib/security/pam_unix.so likeauth nullok
nodelay
auth       required     /lib/security/pam_deny.so

account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_unix.so

password   required     /lib/security/pam_cracklib.so retry=3
password   required     /lib/security/pam_ldap.so
password   sufficient   /lib/security/pam_unix.so nullok md5 shadow
use_authtok
password   required     /lib/security/pam_deny.so

session    required     /lib/security/pam_limits.so
session    required     /lib/security/pam_unix.so

Hope that helps!

Brent