
Re: Authenticating SSH from a separate LDAP server?



Hi,
> I'd like to run a separate SSH daemon on a new port and have it (the new ssh
> daemon, nothing else) authenticate out of an OpenLDAP server running on the
> same box, and not from the RSA key server.  I've tried including a .ldaprc file in
> the user who runs the ssh daemon's home dir but the daemon doesn't seem to
> pick up on it.
> Is anyone else doing something similar, and if you are, can you please
> explain how?

No, I haven't done something like this, but this is all up to pam-ldap and
nss-ldap, and thus I would advise you to look there.

Apart from that, I think you'll have to get the new ssh daemon to use a
different pam file from the other one (something like /etc/pam.d/ssh-p333) and
in that file you must point pam-ldap to another config file.

Hmm, you could test some kind of stackable modules to do the same in one pam.d
file.

That only leaves you with the nsswitch.

tarjei

> 
> -- 
> John


Mob: 920 63 413
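
One way to lay out what the reply describes, a second sshd with its own PAM service file that points pam-ldap at a separate config, as an added example that is not part of the original thread. The service name `sshd-ldap`, port 333, the path `/etc/ldap-ssh.conf` and the function name are assumptions, and public-key login is switched off on the second daemon on the assumption that it should accept LDAP passwords only.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical names: service "sshd-ldap",
# port 333, LDAP client config /etc/ldap-ssh.conf. Files are written to a
# staging directory for review, never directly into /etc.
stage_second_sshd() {
    out=$1
    svc=${2:-sshd-ldap}
    port=${3:-333}
    ldapconf=${4:-/etc/ldap-ssh.conf}
    mkdir -p "$out/ssh" "$out/pam.d" || return 1

    # Config for the second daemon only; start it with: sshd -f <this file>.
    # PAMServiceName needs OpenSSH 9.8 or later. Assumption for older portable
    # builds: the PAM service name follows the binary's name, so the daemon is
    # started through a symlink named like the service and this line is dropped.
    cat > "$out/ssh/${svc}_config" <<EOF
Port $port
PidFile /run/$svc.pid
UsePAM yes
PAMServiceName $svc
PasswordAuthentication yes
PubkeyAuthentication no
PermitRootLogin no
EOF

    # PAM stack used by this daemon alone. config= is the PADL pam_ldap
    # argument for a non-default client config. No pam_unix auth line, so a
    # local password never satisfies this service; password changes are denied.
    cat > "$out/pam.d/$svc" <<EOF
auth     required  pam_ldap.so config=$ldapconf
account  required  pam_ldap.so config=$ldapconf
password required  pam_deny.so
session  required  pam_unix.so
EOF

    # nsswitch.conf is system-wide: user lookup (uid, home, shell) for these
    # accounts is not scoped by either file above.
    chmod 600 "$out/ssh/${svc}_config"
    chmod 644 "$out/pam.d/$svc"
}

# Stage only when called with a directory argument.
if [ -n "${1:-}" ]; then
    stage_second_sshd "$@"
fi
```

Check the staged daemon config with `sshd -t -f` before installing it, and keep the primary daemon's `/etc/pam.d` file unchanged so its key-based logins are unaffected.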