Solaris 8, PAM, LDAP
From: Jerry (juanino_at_yahoo.com)
Date: Tue, 28 Sep 2004 07:18:27 -0700 (PDT) To: firstname.lastname@example.org
I'm using OpenSSH_3.9p1, with UsePAM=yes and LDAP as
my naming service. I originally enabled UsePAM=yes to
prevent accounts with expired passwords or locked
accounts from ssh-ing via public keys. This seems to
have worked in the past.
Now, after switching to LDAP, I'm having some trouble.
If I set UsePAM=yes, *and* have an authorized_keys
file I will not be able to ssh into the machine. Even
If I attempt to login w/password only it appears the
existance of the authorized_keys file stops me. The
password prompt continually rejects the correct
password. If I move authorized_keys out of the way, I
can login with my password. Wierd.
I've got around this by setting
PubkeyAuthentication=no temporarily as now I can login
without having to move a file in my home directory
every time. This is obviously not desired, since I
want public key authentication.
If I set usePAM=no and PubkeyAuthentication=no, then
pw logins don't work at all. If I set usePAM=no and
PubkeyAuthentication=yes then only key logins work. I
can't seem to get both to work. What am I missing?
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around