Thanks for the replies everyone.
It seems to be working without any sshd restart.
Also, I changed ldap conf to a non standard location for some
debugging. It still uses same ldap url over ssl, so I didn't have to
restart nscd. But it's good to know of potential pitfalls.
--
CS.
On Mon, Aug 30, 2010 at 3:25 PM, Paul Heinlein <heinlein@xxxxxxxxxx> wrote:
> On Mon, 30 Aug 2010, Carlos S wrote:
>
>> Changed system-auth config to use LDAP.
>>
>> The sshd config is configured to use PAM. I am not sure whether it
>> load that file at daemon start or refers to it every time a login
>> attempt with password is made.
>>
>> When would it be requiring restart in general?
>
> Make sure you restart nscd before trying anything else.
>
> If
> * you're doing LDAP over SSL,
> * you've configured LDAP to verify peers against a CA certificate,
> * that cert was not in place when you did the system-auth changes,
> then sometimes a reboot seems the easiest way out.
>
> I suspect that I haven't played enough with tricks like "telinit u" to
> figure out the real magic. All I know is that a mid-stream switch to
> LDAP/SSL doesn't always "take" easily.
>
> --
> Paul Heinlein <> heinlein@xxxxxxxxxx <> http://www.madboa.com/
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
