Hi all,

After studying documentation and searching Google for several hours, I'm posting this message here in the hope of finding someone who can answer my questions.

Here's what I'm trying to do: I would like to store my public keys centrally on an LDAP server and redirect public key authentication with PAM to the LDAP server. I read on http://www.opensolaris.org/jive/thread.jspa?threadID=614&tstart=15 that there are some issues with the pam_ldap module and public key login, so I decided to write my own module.

The only trouble is, I can do whatever I want, I can't get the key sent by the ssh client into my PAM module. It seems as if ssh completely ignores PAM when I log in with public keys. If I put the authorized_keys file in place, the login succeeds without taking notice of the PAM modules. If I remove the files, I can't get hold of the public keys. I read in a newsgroup article that I should use pam_listfile, but this didn't help either.

Here's my current PAM config:

    sshhost pam.d # cat sshd
    #%PAM-1.0
    auth required /lib/security/pam_nologin.so
    auth required /lib/security/pam_listfile.so item=user sense=allow onerr=fail file=/etc/listfile.conf
    auth required /lib/security/pam_ldap_pkey.so
    auth sufficient /lib/security/pam_ldap.so
    auth required /lib/security/pam_unix.so shadow nullok use_first_pass
    account required /lib/security/pam_listfile.so item=user sense=allow onerr=fail file=/etc/listfile.conf
    account sufficient /lib/security/pam_ldap.so
    account required /lib/security/pam_unix.so
    password required /lib/security/pam_cracklib.so
    password required /lib/security/pam_unix.so nullok use_authtok shadow
    session required /lib/security/pam_unix.so

If anyone has an idea, help would be greatly appreciated.

Regards
Daniel

_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list