I have been trying to enable ssh authentication with ldap accounts via pam_ldap and nss_ldap. I've found several mini howtos, but none of them seem to work with my system. I have noticed that the ldap entries in nsswitch.conf seem to be working, as the ldap created home directories are no longer numbered uid and gid but their appropriate uid and gid names. However, when I try to authenticate using ssh it gives me a password error and ldap doesn't even look as though it has been queried. The following are samples of some of my files.

Test ldap entry:

dn: uid=test_test_org, ou=users, ispmanDomain=test.org, dc=test, dc=org
ispmanStatus: active
ispmanCreateTimestamp: 1035521557
uid: test_test_org
ispmanUserId: test
ispmanDomain: test.org
uidNumber: 1007
gidNumber: 1002
mailHost: test
homeDirectory: /home/test.org/users/test_test_org/
loginShell: /bin/false
mailQuota: 5120
creatorsName: cn=root,dc=test,dc=org
createTimestamp: 20021025045237Z
userPassword:: xxxxxx
mailRoutingAddress: test_test_org@test
FTPStatus: disabled
mailForwardingAddress: test@test.org
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: ispmanDomainUser
objectClass: PureFTPdUser
mailLocalAddress: test@test.org
cn: Test Test
sn: Test
givenName: Test
modifiersName: cn=root,dc=test,dc=org
modifyTimestamp: 20021025045310Z

(I've noticed that others' pam.d/sshd files have different libraries. Is this a problem?)

cat /etc/pam.d/sshd

#%PAM-1.0
auth       sufficient   /lib/security/pam_ldap.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_stack.so service=system-auth
password   sufficient   /lib/security/pam_ldap.so
password   required     /lib/security/pam_stack.so service=system-auth
session    sufficient   /lib/security/pam_ldap.so
session    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_limits.so
session    optional     /lib/security/pam_console.so

/etc/nsswitch.conf

passwd: files nisplus nis
shadow: files nisplus nis
group: files nisplus nis

I compiled pam_ldap and nss_ldap from source, but no /etc/*.conf files were created for them. Any idea why I am able to get the nss_ldap working, but not the pam_ldap with ssh? I would appreciate any comments or suggestions.

Respectfully,
Gary

_______________________________________________
Pam-list@redhat.com
https://listman.redhat.com/mailman/listinfo/pam-list