[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authenticating SSH from a seperate LDAP server?

To: "" <jhoffmann@vasoftware.com>
Subject: Re: Authenticating SSH from a seperate LDAP server?
From: Tarjei Huse <tarjei@nu.no>
Date: Tue, 6 Jan 2004 10:05:22 +0100
Cc: "" <openldap-software@OpenLDAP.org>
In-reply-to: <3FF9E307.40104@vasoftware.com>
References: <3FF9E307.40104@vasoftware.com>
User-agent: Internet Messaging Program (IMP) 3.2.3-cvs

Hi,
> I'd like to run a seperate SSH daemon on a new port and have it (the new ssh
> 
> daemon, nothing else) authenticate out of an OpenLDAP server running on the
> same 
> box, and not from the RSA key server.  I've tried including a .ldaprc file in
> the user who runs the ssh daemon's home dir but that the daemon doesn't seem
> to 
> pick up on it.
> Is anyone else doing something similiar, and if you are, can you please
> explain how?

No, I haven't done something like this, but this is all up to pam-ldap and
nss-ldap, and thus I would advise you to look there.

Apart from that, I think you'll have to get the new ssh daemon to use a
different pam file from the other one (something like /etc/pam.d/ssh-p333) and
in that file you must point pam-ldap to another config file.

Hmm, you could test some kind of stackable modules to do the same in one pam.d
file.

That only leaves you with the nsswitch.

tarjei

> 
> -- 
> John
> 
> 
> 


Mob: 920 63 413

References:
- Authenticating SSH from a seperate LDAP server?
  - From: John Hoffmann <jhoffmann@vasoftware.com>

Prev by Date: Re: Odd Error
Next by Date: email clients accessing openldap
Index(es):
- Chronological
- Thread