1 |
Ryan Henry [mailing list] [ryan.henry.ml@××××××.com] wrote: |
2 |
> -----BEGIN PGP SIGNED MESSAGE----- |
3 |
> Hash: SHA1 |
4 |
> |
5 |
> I am using ldap authentication with pam and ssh works fine. I have not |
6 |
> tested the password expiration stuff but I do have the create home |
7 |
> directory working. I also have priveledge separation turned off in my |
8 |
> sshd_config. To get this working I added this to /etc/pam.d/system-auth |
9 |
> |
10 |
> auth sufficient /lib/security/pam_ldap.so use_first_pass |
11 |
> account sufficient /lib/security/pam_ldap.so |
12 |
> password sufficient /lib/security/pam_ldap.so use_authtok |
13 |
> session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ |
14 |
> umask=0077 |
15 |
> session optional /lib/security/pam_ldap.so |
16 |
> |
17 |
|
18 |
I wish it did. That's essentially what I have, and I also have |
19 |
priveledge seperation turned off. Are you using the shadowAccount |
20 |
objectClass or just posixAccount? |
21 |
|
22 |
-- |
23 |
gentoo-dev@g.o mailing list |