[Date Prev][Date Next]
Account Usable Request Control (220.127.116.11.18.104.22.168.22.214.171.124)
- To: firstname.lastname@example.org
- Subject: Account Usable Request Control (126.96.36.199.188.8.131.52.184.108.40.206)
- From: Charls <email@example.com>
- Date: Fri, 02 Oct 2009 16:23:46 +0200
- Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=0x01.net; s=2008; t=1254493373; bh=6ozNJ3w/gGNzw5wCO0UQl1BMICNS7nWlGYWeCa5o1+Q=; h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type: Content-Transfer-Encoding; b=GmhcA9wkam6aYMOwzvvUcwlyW5fYc+lGEzeir R/ApmGVTuCZ0GL+WsuR2FhqtO7kZcZ3tUl6u8kMgjxLOSPcOUHs/RVwOkbEqYzySaYc 9ovkprbRQGeyTpxG5qfygy3i3w1Fkdpsw5V4IWJbvMImg2s7x/4MTiP1zdgRpHTDSIc =
- User-agent: Thunderbird 220.127.116.11 (Windows/20090812)
At the moment I'm working with the Sun Java System Directory Server. I
would like to migrate to Openldap but of course without losing
functionality. I enabled pam_ldap account management on all my Linux and
Solaris computers and everything worked fine. Everyone could do
nonpassword-based logins using tools such as rsh or ssh. This feature
was provided by the "Account Usable Request Control"
(18.104.22.168.22.214.171.124.126.96.36.199) from the Directory Server which is needed by
the ldap_pam module from Solaris. After the installation from openldap
on my Solaris server I recognized that nonpassword-based logins on the
Solaris computers are not possible anymore. This problem  was
discussed 2 years ago on "firstname.lastname@example.org" but there was
no solution described. I would like to know if there is a way to get
this feature enabled with openldap? If not what can i do else?
More technically: If a ssh client connects with public key
authentication to a Solaris computer the pam module is sending a query
to the ldap server if the account policies are handled by ldap to get
all supportedControls and to check if the "Account Usable Request
Control" exists to retrieve the policy data without the explicit login
from the user.
Thanks in advance!