ssh authentication through openldap on RH9
I am in the process of implementing a single sign-on environment, based on LDAP. I am using openldap, pam and openssh, as distributed with Red Hat 9.

openldap 2.0.27-8
openssh 3.5p1-6
pam 0.75-48

LDAP is configured and running. I have also defined host groups and not all users have access to all hosts.

Login authentication on the console works great, i.e., it allows users with local accounts and those authorised to access the host to log in and prevents those who are not members of the group from gaining access.

When I try to get the same behaviour through ssh, I fail miserably and have not found an answer to what is going on. I followed the directions in the LDAP System Administration book by Gerald Carter, and an extensive search on the web did not result in any working solutions. I am hoping that someone on this list will be able to point me in the right direction.

Right now I am not sure whether the problem exists on the LDAP side (I do not think so) or on the ssh (/etc/ssh/sshd_config) and pam (/etc/pam.d/sshd) side. The latest version of the /etc/pam.d/sshd file I use is:

auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_nologin.so
auth       sufficient   /lib/security/pam_ldap.so
auth       required     /lib/security/pam_unix_auth.so try_first_pass
account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_unix_acct.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_ldap.so
password   required     /lib/security/pam_pwdb.so use_first_pass
session    required     /lib/security/pam_unix_session.so

I am sure there are people out there who have implemented this in their environments and I would greatly appreciate some help in getting it to work in my environment.

After this is done, I will attempt integration with samba, email (open exchange), and Windows (active directory). Wish me luck!

Regards,
Demetrios
----------------------------------------------------
Demetrios Sapounas
Solutions Architect
Eastport Analytics
Phone: 703.351.5273
Email: ds@eastportanalytics.com
----------------------------------------------------
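
Added example, not part of the original message: a small Python model of how Linux-PAM's required, requisite, sufficient and optional control flags combine, run over the "account" lines of the /etc/pam.d/sshd file posted above. The function names and the per-module results are assumptions constructed for illustration; nothing here was observed on the poster's system, and bracketed control syntax is not modelled.

```python
# Added example: models Linux-PAM control flags; it does not call PAM or LDAP.
import os

# "account" lines from the /etc/pam.d/sshd in the message above.
SSHD_PAM = """\
account sufficient /lib/security/pam_ldap.so
account required   /lib/security/pam_unix_acct.so
"""

def parse_stack(text, mgmt_type):
    """Return [(control, module_file)] for one management group."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mgmt_type:
            stack.append((fields[1], os.path.basename(fields[2])))
    return stack

def evaluate(stack, results):
    """results: module_file -> True (success) or False (failure).
    Returns (granted, module_that_decided)."""
    failed = None      # first required/requisite module that failed
    passed = None      # last module whose success counted
    for control, module in stack:
        ok = results[module]
        if control in ("required", "requisite") and not ok:
            failed = failed or module
            if control == "requisite":
                break                      # fail immediately
        elif ok and failed is None:
            passed = module
            if control == "sufficient":
                break                      # succeed immediately
        # a failing sufficient/optional module is ignored
    if failed or passed is None:
        return False, failed
    return True, passed

# Constructed module results, not observations from the poster's system.
SCENARIOS = {
    "LDAP allows the user": {"pam_ldap.so": True, "pam_unix_acct.so": True},
    "LDAP denies, pam_unix accepts": {"pam_ldap.so": False, "pam_unix_acct.so": True},
    "LDAP denies, pam_unix denies": {"pam_ldap.so": False, "pam_unix_acct.so": False},
}

if __name__ == "__main__":
    stack = parse_stack(SSHD_PAM, "account")
    for name, results in SCENARIOS.items():
        print(f"{name}: {evaluate(stack, results)}")
```

In the second scenario the failure of the sufficient pam_ldap.so line is ignored and the required pam_unix_acct.so line decides the result, so whether that case can occur on a given host depends on what pam_unix returns for the account there.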