
Re: Authentication Confusion



Fri, 19.12.2003 at 06.28, Stephen Hargrove wrote:

> I don't say this as some sort of excuse because I've been reading
> everything I can find about this.  However, I am very new to OpenLDAP and
> LDAP in general.

Another #¤&ET¤ poster who refuses point blank to give his OS and distro.
What are we all, clairvoyant?

[...]

> For a simple test, I chose ssh2. So, on the server (which hosts my LDAP),
> I created /etc/pam.d/ssh2.  Here's its contents:
> 
> # PAM configuration for the Secure Shell service
> auth       required     pam_nologin.so
> auth        sufficient    /lib/security/pam_ldap.so use_first_pass
> account     sufficient    /lib/security/pam_ldap.so
> password    sufficient    /lib/security/pam_ldap.so use_authtok
> session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0
> session     optional      /lib/security/pam_ldap.so

I don't know what ssh2 is. On RH 7.2 and RH Enterprise Server 3 there's
ssh that works. Possibly depending on the
/usr/share/doc/nss_ldap-<version>/pam.d directory, cat ssh gives:

#%PAM-1.0
auth       required     /lib/security/pam_nologin.so
auth       sufficient    /lib/security/pam_ldap.so
auth       required     /lib/security/pam_unix_auth.so try_first_pass
account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_unix_acct.so
password   required     /lib/security/pam_cracklib.so
password   sufficient   /lib/security/pam_ldap.so
password   required     /lib/security/pam_pwdb.so use_first_pass
session    required     /lib/security/pam_unix_session.so

It works for me, using normal ssh, either with a password or an rsa
public key.

--Tonni

-- 
mail: billy - at - billy.demon.nl
http://billy.demon.nl