Gentoo Archives: gentoo-dev

From: "Ryan Henry [mailing list]" <ryan.henry.ml@××××××.com>
To: gentoo-dev@g.o
Cc: Mark Bainter <mark-gt@×××××.org>
Subject: Re: [gentoo-dev] SSH, PAM, and LDAP
Date: Tue, 22 Apr 2003 12:56:35
Message-Id: 3EA53BEE.7080403@EPSIIA.com
In Reply to: [gentoo-dev] SSH, PAM, and LDAP by Mark Bainter
I am using LDAP authentication with PAM and ssh works fine. I have not
tested the password expiration stuff but I do have the create home
directory working. I also have privilege separation turned off in my
sshd_config. To get this working I added this to /etc/pam.d/system-auth

auth     sufficient /lib/security/pam_ldap.so use_first_pass
account  sufficient /lib/security/pam_ldap.so
password sufficient /lib/security/pam_ldap.so use_authtok
session  required   /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0077
session  optional   /lib/security/pam_ldap.so

Hope that helps,
-Ryan

Mark Bainter wrote:

|Ok, I have recently gotten LDAP working for most of the stuff I want it to do,
|and proceeded to move authentication to it. In doing so I have discovered that
|OpenSSH does not play nice with PAM + LDAP.
|
|The privilege separation rewrite broke PAM pretty severely. None of the password
|expiry stuff works anymore, and neither does the create home dirs option.
|
|I've already tried simply disabling the PrivSep stuff, but the problem goes
|deeper than that, so it doesn't help. Everything else (telnet/ftp/etc) works
|fine, it's only ssh that's giving me fits.
|
|I'm sure I'm not the only one with a setup like this. If someone else
|on the list is running in a configuration of this nature and has gotten
|ssh working, I'd appreciate a pointer to the information that got you past
|this.
|
|Thanks.
|
--
gentoo-dev@g.o mailing list
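Whether an LDAP-only user gets past this system-auth stack depends on the control flags and on where the posted pam_ldap line sits relative to pam_unix. As an added example (not code from the post or from Gentoo), here is a small Python evaluator of Linux-PAM's required/requisite/sufficient/optional semantics, run over the posted pam_ldap auth line with assumed pam_unix/pam_deny lines standing in for the rest of system-auth.

```python
# Added example, not from the original post. The pam_unix/pam_deny lines are an
# ASSUMPTION standing in for the stock system-auth; the pam_ldap line is the posted one.
def parse_pam(text):
    """Parse 'type control module [args]' lines into (type, control, module, args)."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()         # drop comments and blanks
        if line:
            mtype, control, module, *args = line.split()
            entries.append((mtype, control, module.rsplit("/", 1)[-1], args))
    return entries

def run_group(entries, mtype, verdict):
    """Walk one management group (auth/account/...) with Linux-PAM's semantics for
    required/requisite/sufficient/optional. verdict maps module -> whether it passes."""
    required_failed = any_success = False
    for t, control, module, _ in entries:
        if t != mtype:
            continue
        ok = verdict.get(module, False)
        if control == "requisite" and not ok:
            return False                    # fails the whole group immediately
        if control == "required":
            required_failed |= not ok       # remembered, but the group keeps running
            any_success |= ok
        elif control == "sufficient" and ok and not required_failed:
            return True                     # short-circuit: later lines never run
        # optional: result ignored (unless it is the only module; not modelled here)
    return any_success and not required_failed

# Constructed verdicts: a user known only to LDAP (pam_unix has no password for
# them) and a local user absent from LDAP. pam_deny is absent, so it always fails.
LDAP_ONLY_USER = {"pam_unix.so": False, "pam_ldap.so": True}
LOCAL_USER = {"pam_unix.so": True, "pam_ldap.so": False}

# Assumed stock pam_unix line with the posted pam_ldap line simply appended after it.
APPENDED = """
auth    required   /lib/security/pam_unix.so likeauth nullok
auth    sufficient /lib/security/pam_ldap.so use_first_pass
"""
# Common fix: pam_unix becomes 'sufficient' as well, and pam_deny closes the group.
REORDERED = """
auth    sufficient /lib/security/pam_unix.so likeauth nullok
auth    sufficient /lib/security/pam_ldap.so use_first_pass
auth    required   /lib/security/pam_deny.so
"""

def can_authenticate(config, user):
    """True if the 'auth' group of config admits the given user."""
    return run_group(parse_pam(config), "auth", user)
```

With pam_unix left as 'required', an LDAP-only user is refused even though pam_ldap succeeds, because a sufficient success cannot override an earlier required failure. The same rule applies to the account group: 'account sufficient pam_ldap.so' returns as soon as LDAP answers success, so any later pam_unix account checks (password expiry among them) never run for that user.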

Replies

Subject Author
Re: [gentoo-dev] SSH, PAM, and LDAP Mark Bainter <mark-gt@×××××.org>