Hello,

I have stored my user accounts in an LDAP database and for some reason there are still some users in /etc/passwd. Now I would like to let both types of users have access to certain Linux boxes via ssh. In my /etc/pam.d/sshd I have the following lines:

    auth     sufficient /lib/security/pam_ldap.so
    auth     required   /lib/security/pam_unix.so # set_secrpc
    auth     required   /lib/security/pam_nologin.so
    auth     required   /lib/security/pam_env.so
    auth     required   /lib/security/pam_mail.so
    account  sufficient /lib/security/pam_ldap.so
    account  required   /lib/security/pam_unix.so
    password required   /lib/security/pam_pwcheck.so
    password required   /lib/security/pam_unix.so use_first_pass use_authtok
    password sufficient /lib/security/pam_ldap.so
    session  required   /lib/security/pam_unix.so none # trace or debug
    session  required   /lib/security/pam_limits.so

This way it works fine, but additionally I would like to restrict the access of users only to certain hosts using the "host" attribute in LDAP where the accessible hosts are listed. But with the above configuration this won't work: the user can access any host, even if it is not listed in the LDAP database (yes, I use "pam_check_host_attr=yes" in my LDAP configuration).

If I change the "auth sufficient /lib/security/pam_ldap.so" into "auth required...", the host attribute is checked, but now the "/etc/passwd" users cannot log in at all.

Any ideas or hints are greatly appreciated...

With best regards

Thomas Emde
________________________
ScaleOn GmbH & Co. KG
Systems Engineering 1
Geb. B151, Raum 117
D-51368 Leverkusen
Telefon +49 214/30-67603
Telefax +49 214/30-24887
E-Mail thomas.emde@scaleon.de
Internet http://www.scaleon.de
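The control-flag behaviour described in the message can be reproduced with a small model of how Linux-PAM combines module results for the pam_ldap-then-pam_unix pair in the posted auth and account lines. This is an added example, not part of the original message and not code from Linux-PAM or pam_ldap. The module return values per scenario and the bracket-style variant are assumptions, chosen to mirror what the post reports.

```python
# Added example: a small model of how Linux-PAM combines control flags.
# Module return values below are constructed to mirror the post, not captured.

# Bracket equivalents of the classic keywords, as given in pam.conf(5).
KEYWORDS = {
    "required":   {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
}

def run_stack(stack, results):
    """stack: [(control, module)]; results: {module: return value}. True = access granted."""
    granted = failed = False
    for control, module in stack:
        actions = KEYWORDS[control] if isinstance(control, str) else control
        action = actions.get(results[module], actions.get("default", "bad"))
        if action == "die":                 # fail and stop immediately
            return False
        if action == "bad":                 # remember the failure, keep going
            failed = True
        elif action in ("ok", "done") and not failed:
            granted = True
            if action == "done":            # success ends the stack early
                return True
        # "ignore": this module does not influence the result
    return granted and not failed

# Constructed scenarios (assumptions): pam_ldap returns perm_denied when the
# host attribute does not match and user_unknown for /etc/passwd-only users;
# pam_unix succeeds for any account that NSS can resolve.
SCENARIOS = {
    "ldap user, host listed":     {"pam_ldap": "success",      "pam_unix": "success"},
    "ldap user, host not listed": {"pam_ldap": "perm_denied",  "pam_unix": "success"},
    "local /etc/passwd user":     {"pam_ldap": "user_unknown", "pam_unix": "success"},
}

STACKS = {
    "sufficient": [("sufficient", "pam_ldap"), ("required", "pam_unix")],  # as posted
    "required":   [("required", "pam_ldap"), ("required", "pam_unix")],
    # Hypothetical variant: "unknown user" falls through, other failures are final.
    "bracket":    [({"success": "done", "user_unknown": "ignore", "default": "die"}, "pam_ldap"),
                   ("required", "pam_unix")],
}

def evaluate():
    return {name: {who: run_stack(stack, res) for who, res in SCENARIOS.items()}
            for name, stack in STACKS.items()}

if __name__ == "__main__":
    for name, outcome in evaluate().items():
        print(name, outcome)
```

In this model a failing `sufficient` module is simply ignored, so the host denial from pam_ldap never reaches the final result, while `required` turns pam_ldap's "unknown user" answer for local accounts into a hard failure.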