On Thu, Oct 20, 2005 at 09:25:42PM +0000, Daniel Jacober wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jason
>
> Yes that's exactly what I would like to do.
> I would like to store the SSH public keys in an LDAP - Directory
> instead of storing them locally.
> Then I would like to authenticate against those keys. This way I could
> control access to all our servers via LDAP.
>
> I first tried to hack pam_ldap - module but I read about issues in a
> newsgroup
>
> http://www.opensolaris.org/jive/thread.jspa?threadID=614&tstart=15
>
> Therefore I tried to make my own module. But I can't find a way to get
> the public key into the pam-module. All I get is the password after
> SSH pubkey authentication fails.
>
> Any hint on this subject is greatly appreciated.
>
> Regards Daniel

It seems that SSH can't fetch keys using PAM or LDAP. Furthermore, SSHd
doesn't use PAM when a user is authenticating using public keys.

You must patch SSHd to fetch keys from LDAP, or write a PAM module that
will communicate with the ssh client and verify keys manually. Probably,
this can't be achieved, because you must initiate the key exchange
procedure with the client.

_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list