| 1 |
Ryan Henry [mailing list] [ryan.henry.ml@××××××.com] wrote: |
| 2 |
> -----BEGIN PGP SIGNED MESSAGE----- |
| 3 |
> Hash: SHA1 |
| 4 |
> |
| 5 |
> I am using ldap authentication with pam and ssh works fine. I have not |
| 6 |
> tested the password expiration stuff but I do have the create home |
| 7 |
> directory working. I also have priveledge separation turned off in my |
| 8 |
> sshd_config. To get this working I added this to /etc/pam.d/system-auth |
| 9 |
> |
| 10 |
> auth sufficient /lib/security/pam_ldap.so use_first_pass |
| 11 |
> account sufficient /lib/security/pam_ldap.so |
| 12 |
> password sufficient /lib/security/pam_ldap.so use_authtok |
| 13 |
> session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ |
| 14 |
> umask=0077 |
| 15 |
> session optional /lib/security/pam_ldap.so |
| 16 |
> |
| 17 |
|
| 18 |
I wish it did. That's essentially what I have, and I also have |
| 19 |
priveledge seperation turned off. Are you using the shadowAccount |
| 20 |
objectClass or just posixAccount? |
| 21 |
|
| 22 |
-- |
| 23 |
gentoo-dev@g.o mailing list |
Archives