Solaris 8, PAM, LDAP

From: Jerry (juanino_at_yahoo.com)
Date: 09/28/04

    Date: Tue, 28 Sep 2004 07:18:27 -0700 (PDT)
    To: secureshell@securityfocus.com
    
    

    I'm using OpenSSH_3.9p1, with UsePAM=yes and LDAP as
    my naming service. I originally enabled UsePAM=yes to
    prevent accounts with expired passwords or locked
    accounts from ssh-ing via public keys. This seems to
    have worked in the past.

    Now, after switching to LDAP, I'm having some trouble.
    If I set UsePAM=yes, *and* have an authorized_keys
    file I will not be able to ssh into the machine. Even
    if I attempt to log in w/password only it appears the
    existence of the authorized_keys file stops me. The
    password prompt continually rejects the correct
    password. If I move authorized_keys out of the way, I
    can log in with my password. Weird.

    I've got around this by setting
    PubkeyAuthentication=no temporarily as now I can log in
    without having to move a file in my home directory
    every time. This is obviously not desired, since I
    want public key authentication.

    If I set usePAM=no and PubkeyAuthentication=no, then
    pw logins don't work at all. If I set usePAM=no and
    PubkeyAuthentication=yes then only key logins work. I
    can't seem to get both to work. What am I missing?

    Jerry
