Re: Authentication Confusion
Fri, 19.12.2003 at 06.28, Stephen Hargrove wrote:
> I don't say this as some sort of excuse because I've been reading
> everything I can find about this. However, I am very new to OpenLDAP and
> LDAP in general.
Another #¤&ET¤ poster who refuses point blank to give his OS and distro.
What are we all, clairvoyant?
[...]
> For a simple test, I chose ssh2. So, on the server (which hosts my LDAP),
> I created /etc/pam.d/ssh2. Here's its contents:
>
> # PAM configuration for the Secure Shell service
> auth required pam_nologin.so
> auth sufficient /lib/security/pam_ldap.so use_first_pass
> account sufficient /lib/security/pam_ldap.so
> password sufficient /lib/security/pam_ldap.so use_authtok
> session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0
> session optional /lib/security/pam_ldap.so
I don't know what ssh2 is. On RH 7.2 and RH Enterprise Server 3 there's
ssh that works. Possibly depending on the
/usr/share/doc/nss_ldap-<version>/pam.d directory, cat ssh gives:
#%PAM-1.0
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so try_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_cracklib.so
password sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_pwdb.so use_first_pass
session required /lib/security/pam_unix_session.so
It works for me, using normal ssh, either with a password or an rsa
public key.
--Tonni
--
mail: billy - at - billy.demon.nl
http://billy.demon.nl
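
The two service files in this message differ in whether each stack has a `required` module after the `sufficient` pam_ldap.so entry. As an added example (not part of the original message), this Python lint re-types both files as sample input and flags stacks that end in `sufficient`, whose failure Linux-PAM ignores, and modules given `use_first_pass` or `use_authtok` with nothing stacked before them to supply a password; the `NO_PROMPT` set and the function names are assumptions.

```python
import os

# Service files from this thread, re-typed as sample input (wrapped line rejoined).
QUOTED_SSH2 = """\
auth required pam_nologin.so
auth sufficient /lib/security/pam_ldap.so use_first_pass
account sufficient /lib/security/pam_ldap.so
password sufficient /lib/security/pam_ldap.so use_authtok
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0
session optional /lib/security/pam_ldap.so
"""
REPLY_SSH = """\
#%PAM-1.0
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so try_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_cracklib.so
password sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_pwdb.so use_first_pass
session required /lib/security/pam_unix_session.so
"""
NO_PROMPT = {"pam_nologin.so"}  # assumption: modules that never collect a password
REUSE = {"use_first_pass", "use_authtok"}  # options that stop a module from prompting

def parse(text):
    """Return {type: [(control, module_basename, [args])]} for a pam.d file."""
    stacks = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(line) >= 3:
            mtype, control, module, *args = line
            stacks.setdefault(mtype, []).append((control, os.path.basename(module), args))
    return stacks

def lint(text):
    """Flag stacks with no deciding module and modules with no password source."""
    findings = []
    for mtype, stack in parse(text).items():
        if stack[-1][0] == "sufficient":
            findings.append(f"{mtype}: ends in 'sufficient'; its failure is ignored")
        for i, (control, module, args) in enumerate(stack):
            earlier = [m for _, m, _ in stack[:i] if m not in NO_PROMPT]
            if REUSE & set(args) and not earlier:
                findings.append(f"{mtype}: {module} expects a password from an earlier module")
    return findings
```

Calling `lint(QUOTED_SSH2)` reports the auth, account and password stacks, while `lint(REPLY_SSH)` returns an empty list.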