ssh + pam + ldap


 



I have been trying to enable ssh authentication with
ldap accounts via pam_ldap and nss_ldap.  I've found
several mini howtos, but none of them seem to work
with my system.  I have noticed that the ldap entries
in nsswitch.conf seem to be working as the ldap
created home directories are no longer numbered uid and
gid but their appropriate uid and gid names.  However,
when I try to authenticate using ssh it gives me a
password error and ldap doesn't even look as though it
has been queried.

The following are samples of some of my files.

Test ldap entry:

 dn: uid=test_test_org, ou=users, ispmanDomain=test.org, dc=test, dc=org
 ispmanStatus: active
 ispmanCreateTimestamp: 1035521557
 uid: test_test_org
 ispmanUserId: test
 ispmanDomain: test.org
 uidNumber: 1007
 gidNumber: 1002
 mailHost: test
 homeDirectory: /home/test.org/users/test_test_org/
 loginShell: /bin/false
 mailQuota: 5120
 creatorsName: cn=root,dc=test,dc=org
 createTimestamp: 20021025045237Z
 userPassword:: xxxxxx
 mailRoutingAddress: test_test_org@test
 FTPStatus: disabled
 mailForwardingAddress: test@test.org
 objectClass: top
 objectClass: person
 objectClass: inetOrgPerson
 objectClass: posixAccount
 objectClass: ispmanDomainUser
 objectClass: PureFTPdUser
 mailLocalAddress: test@test.org
 cn: Test Test
 sn: Test
 givenName: Test
 modifiersName: cn=root,dc=test,dc=org
 modifyTimestamp: 20021025045310Z

(I've noticed that others' pam.d/sshd files have
different libraries.  Is this a problem?)

cat /etc/pam.d/sshd
 
#%PAM-1.0
auth       sufficient   /lib/security/pam_ldap.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_stack.so service=system-auth
password   sufficient   /lib/security/pam_ldap.so
password   required     /lib/security/pam_stack.so service=system-auth
session    sufficient   /lib/security/pam_ldap.so
session    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_limits.so
session    optional     /lib/security/pam_console.so

/etc/nsswitch.conf

passwd:     files nisplus nis
shadow:     files nisplus nis
group:      files nisplus nis

I compiled pam_ldap and nss_ldap from source, but no
/etc/*.conf files were created for them.

Any idea why I am able to get the nss_ldap working,
but not the pam_ldap with ssh?

I would appreciate any comments or suggestions.

Respectfully,


Gary




_______________________________________________

Pam-list@redhat.com
https://listman.redhat.com/mailman/listinfo/pam-list
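
An added example, not part of the original post: a small Python check that reads a PAM service file and nsswitch.conf and reports where pam_ldap.so sits in each stack, which services pam_stack.so pulls in (and so also need reviewing), and which NSS databases actually name the ldap source. The function names are hypothetical; the sample inputs are the auth and account lines of the sshd file and the nsswitch.conf lines exactly as quoted in the post.

```python
import re

# Constructed inputs: excerpts of the two files as quoted in the post, with
# the mail-wrapped "service=system-auth" arguments rejoined.
SSHD_PAM = """#%PAM-1.0
auth       sufficient   /lib/security/pam_ldap.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_stack.so service=system-auth
"""
NSSWITCH = """passwd:     files nisplus nis
shadow:     files nisplus nis
group:      files nisplus nis
"""
# type, control (simple word or [bracketed] form), module path, arguments
PAM_LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Return {type: [(control, module_basename, args)]} in stack order."""
    stacks = {}
    for raw in text.splitlines():
        m = PAM_LINE.match(raw.split("#", 1)[0].strip())
        if m:
            mtype, control, module, args = m.groups()
            stacks.setdefault(mtype, []).append(
                (control, module.rsplit("/", 1)[-1], args.split()))
    return stacks

def parse_nsswitch(text):
    """Return {database: [sources]}, skipping [STATUS=action] items."""
    dbs = {}
    for raw in text.splitlines():
        name, sep, rest = raw.split("#", 1)[0].partition(":")
        if sep and name.strip():
            dbs[name.strip()] = [s for s in rest.split() if not s.startswith("[")]
    return dbs

def ldap_summary(pam_text, nss_text):
    """Summarize LDAP references across the PAM stack and NSS databases."""
    pam, nss = parse_pam(pam_text), parse_nsswitch(nss_text)
    return {
        # (position, control flag) of pam_ldap.so within each module type
        "pam_ldap": {t: [(i, c) for i, (c, m, _) in enumerate(e) if m == "pam_ldap.so"]
                     for t, e in pam.items()},
        # services included through pam_stack.so; their files need the same review
        "stacked": sorted({a.split("=", 1)[1] for e in pam.values()
                           for _, m, args in e if m == "pam_stack.so"
                           for a in args if a.startswith("service=")}),
        # True where the database lists the ldap source (served by nss_ldap)
        "nss_ldap": {db: "ldap" in src for db, src in nss.items()},
    }
```

Calling `ldap_summary(SSHD_PAM, NSSWITCH)` on these excerpts shows pam_ldap.so first in each stack with the `sufficient` flag, `system-auth` as the stacked service, and no database in the quoted nsswitch.conf naming `ldap`.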
