-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am using ldap authentication with pam and ssh works fine. I have not
tested the password expiration stuff but I do have the create home
directory working. I also have privilege separation turned off in my
sshd_config. To get this working I added this to /etc/pam.d/system-auth

auth sufficient /lib/security/pam_ldap.so use_first_pass
account sufficient /lib/security/pam_ldap.so
password sufficient /lib/security/pam_ldap.so use_authtok
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0077
session optional /lib/security/pam_ldap.so

Hope that helps,
- -Ryan

Mark Bainter wrote:

|Ok, I have recently gotten LDAP working for most of the stuff I want it to do,
|and proceeded to move authentication to it. In doing so I have discovered that
|OpenSSH does not play nice with PAM + LDAP.
|
|privilege separation rewrite broke PAM pretty severely. None of the password
|expiry stuff works anymore, and neither does the create home dirs option.
|
|I've already tried simply disabling the PrivSep stuff, but the problem goes
|deeper than that, so it doesn't help. Everything else (telnet/ftp/etc) works
|fine, it's only ssh that's giving me fits.
|
|I'm sure I'm not the only one with a setup like this. If someone else
|on the list is running in a configuration of this nature and has gotten
|ssh working, I'd appreciate a pointer to the information that got you past
|this.
|
|Thanks.
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+pTvuduH5kxQ36MARAqFbAJ4zWinjU/sX1ip6a2ptfVXB3lzvggCdE+Ql
1WXs1YKSntuVW6p5Hn4nejw=
=0MTF
-----END PGP SIGNATURE-----

--
gentoo-dev@g.o mailing list
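
An added example, not part of the original message or of any project mentioned in it: a small linter for a PAM service file such as /etc/pam.d/system-auth. It catches an argument that mail wrapping has pushed onto its own line (as happened to `umask=0077` when these rules were pasted) and notes a `sufficient` control in the account stack. The function names, finding texts and the constructed sample input are assumptions of this example.

```python
import re

# type, control (plain word or [bracketed list]), module path, optional args
RULE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

# Constructed sample: the five rules as they appear in the message,
# with the mkhomedir line still broken in two by the mail wrap.
SAMPLE = """\
auth sufficient /lib/security/pam_ldap.so use_first_pass
account sufficient /lib/security/pam_ldap.so
password sufficient /lib/security/pam_ldap.so use_authtok
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/
umask=0077
session optional /lib/security/pam_ldap.so
"""

def parse(text):
    """Return (rules, malformed). Line numbers count logical lines,
    i.e. after backslash-newline continuations have been joined."""
    text = text.replace("\\\n", " ")
    rules, malformed = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "@include")):
            continue
        m = RULE.match(line)
        if m:
            rules.append((n, m.group(1), m.group(2), m.group(3), m.group(4).split()))
        else:
            malformed.append((n, line))
    return rules, malformed

def lint(text):
    """Return a list of human-readable findings for a PAM service file."""
    rules, malformed = parse(text)
    out = [f"line {n}: not a PAM rule, wrapped argument? {l!r}" for n, l in malformed]
    for n, typ, control, module, args in rules:
        name = module.rsplit("/", 1)[-1]
        if name == "pam_mkhomedir.so" and not any(a.startswith("umask=") for a in args):
            out.append(f"line {n}: pam_mkhomedir without umask=, module default applies")
        if typ == "account" and control == "sufficient":
            out.append(f"line {n}: account 'sufficient' skips later account modules on success")
    return out

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

With the `umask=0077` argument joined back onto the `pam_mkhomedir.so` line, or continued with a trailing backslash, only the account-stack note remains.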