Hi all,
Is it possible to store OpenSSH RSA public keys in a centrally managed LDAP database? (I'm using Sun One Directory Server 5.2.)
I have found a patch at http://ldappubkey.gcu-squad.org/ which is supposed to do this, but I would prefer using a PAM solution here because I also want Apache and Proftpd working through PAM. Using PAM I wouldn't have to configure each application with which server to use, etc.
Here is my config:
/etc/pam.conf
# Support for LDAP OpenSSH
sshd auth sufficient /usr/lib/security/pam_ldap.so.1
sshd account sufficient /usr/lib/security/pam_ldap.so.1
sshd password sufficient /usr/lib/security/pam_ldap.so.1
sshd password required /usr/lib/security/pam_unix.so.1
sshd auth required /usr/lib/security/pam_unix.so.1
sshd account required /usr/lib/security/pam_unix.so.1
sshd session required /usr/lib/security/pam_unix.so.1
/etc/nsswitch.conf
passwd: files ldap
group: files ldap
I also noted "publickey: files" in nsswitch. Maybe this is where SSH will look for SSH keys?
/var/ldap/ldap_client_file
NS_LDAP_SERVERS=xxx:389
NS_LDAP_SEARCH_BASEDN=dc=xxx,dc=com
What I want PAM to do is first try the local flat-db files and, if the user does not exist there, try auth on LDAP.
Is it possible to do this with just the pam_ldap module or do I have to use something like the patch I posted?
I also want to make Apache and Proftpd work with PAM-ldap. Has anyone any experience with that?
Help or pointers to other lists appreciated.
Cheers,
Magnus
System:
Solaris 8
Apache 1.3.x
OpenSSH 3.7.1p2
Proftpd 1.2.8
Sun One Directory Server 5.2
Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
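The posted pam.conf and the "files first, then LDAP" wish above turn on how PAM walks a stack of modules under the control flags required/requisite/sufficient/optional (PAM itself only arbitrates password-style authentication; it has no role in where sshd looks up public keys, which is why the ldappubkey patch modifies sshd rather than PAM). The following simulator is an added example and not code from the original post or from any PAM implementation. It parses Solaris-style pam.conf lines, evaluates an auth stack under simplified classic PAM semantics, and compares the order as posted (pam_ldap consulted first) with a reordered stack that consults pam_unix first. The per-user module outcomes are constructed inputs; no real pam_unix or pam_ldap is called.

```python
"""PAM stack simulator, added as an example and not part of the original post.

Models how a PAM implementation combines per-module results in one management
group (auth, account, ...) under the control flags required, requisite,
sufficient and optional. Module results are constructed inputs; no real
pam_unix or pam_ldap is invoked.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

PAM_SUCCESS = "PAM_SUCCESS"
PAM_AUTH_ERR = "PAM_AUTH_ERR"
PAM_USER_UNKNOWN = "PAM_USER_UNKNOWN"


@dataclass
class Entry:
    control: str   # required | requisite | sufficient | optional
    module: str    # short module name used in traces, e.g. "pam_unix"


def parse_pam_conf(text: str, service: str, facility: str) -> List[Entry]:
    """Parse Solaris-style pam.conf lines: 'service facility control path [opts]'.

    Lines for other services or facilities are skipped; the module path is
    reduced to its basename without the .so suffix so traces stay readable.
    """
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4 or fields[0] != service or fields[1] != facility:
            continue
        name = fields[3].rsplit("/", 1)[-1].split(".so", 1)[0]
        stack.append(Entry(control=fields[2], module=name))
    return stack


def evaluate(stack: List[Entry], results: Dict[str, str]) -> Tuple[str, List[Tuple[str, str, str]]]:
    """Walk the stack top to bottom and return (final result, trace).

    Simplified classic semantics:
      required   failure is remembered but later modules still run
      requisite  failure ends the stack immediately with that error
      sufficient success ends the stack with PAM_SUCCESS unless an earlier
                 required module already failed; failure is ignored
      optional   result is used only when no required/requisite module ran
    """
    remembered = None      # first failure of a required module
    saw_mandatory = False  # did any required/requisite module run?
    optional_ok = False
    trace = []
    for e in stack:
        r = results.get(e.module, PAM_USER_UNKNOWN)
        trace.append((e.module, e.control, r))
        if e.control == "requisite":
            saw_mandatory = True
            if r != PAM_SUCCESS:
                return r, trace
        elif e.control == "required":
            saw_mandatory = True
            if r != PAM_SUCCESS and remembered is None:
                remembered = r
        elif e.control == "sufficient":
            if r == PAM_SUCCESS and remembered is None:
                return PAM_SUCCESS, trace
        elif e.control == "optional":
            optional_ok = optional_ok or r == PAM_SUCCESS
        else:
            raise ValueError(f"unknown control flag {e.control!r}")
    if remembered is not None:
        return remembered, trace
    if saw_mandatory or optional_ok:
        return PAM_SUCCESS, trace
    return PAM_AUTH_ERR, trace   # nothing on the stack vouched for the user


# The sshd auth/account lines as posted (pam_ldap consulted first) and a
# constructed reordering that consults the local files first.
POSTED_PAM_CONF = """\
sshd auth sufficient /usr/lib/security/pam_ldap.so.1
sshd account sufficient /usr/lib/security/pam_ldap.so.1
sshd auth required /usr/lib/security/pam_unix.so.1
sshd account required /usr/lib/security/pam_unix.so.1
"""
FILES_FIRST_PAM_CONF = """\
sshd auth sufficient /usr/lib/security/pam_unix.so.1
sshd auth required /usr/lib/security/pam_ldap.so.1
"""

# Constructed per-module outcomes for three kinds of login attempt.
LOCAL_USER = {"pam_unix": PAM_SUCCESS, "pam_ldap": PAM_USER_UNKNOWN}
LDAP_USER = {"pam_unix": PAM_USER_UNKNOWN, "pam_ldap": PAM_SUCCESS}
BAD_PASSWORD = {"pam_unix": PAM_AUTH_ERR, "pam_ldap": PAM_AUTH_ERR}


def run_scenario(conf: str, results: Dict[str, str]):
    return evaluate(parse_pam_conf(conf, "sshd", "auth"), results)


def modules_consulted(conf: str, results: Dict[str, str]) -> List[str]:
    """Which modules actually ran, in order, for the given outcomes."""
    _, trace = run_scenario(conf, results)
    return [m for m, _, _ in trace]


if __name__ == "__main__":
    for label, conf in (("posted", POSTED_PAM_CONF), ("files-first", FILES_FIRST_PAM_CONF)):
        for who, res in (("local user", LOCAL_USER), ("ldap user", LDAP_USER), ("bad password", BAD_PASSWORD)):
            final, trace = run_scenario(conf, res)
            print(f"{label:12} {who:13} -> {final:17} via {[m for m, _, _ in trace]}")
```

Both orderings reach the same final verdict for these three cases; the difference is which module is consulted first, so with the posted order every local login still costs an LDAP round trip (and depends on the directory being reachable) before pam_unix is asked. In a real stack a "sufficient then required" pair normally needs the second module told to reuse the already-collected password (use_first_pass or try_first_pass style options) so the user is not prompted twice; that detail is outside what the simulator models.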