RE: SSH and mounted home directories

From: Covington, Jimmy D. (NGIT) (Jimmy.Covington_at_mail.va.gov)
Date: 10/25/04

    To: "'sec urity'" <int.security@gmail.com>
    Date: Mon, 25 Oct 2004 07:22:08 -0500
    
    

    It only returns with another login prompt. I am pretty sure that it is
    something to do with our pam.conf file. Here is what we are using now:
    #
    # Copyright 1996-2002 Sun Microsystems, Inc. All rights reserved.
    # Use is subject to license terms.
    #
    # PAM configuration
    #
    # Unless explicitly defined, all services use the modules
    # defined in the "other" section.
    #
    # Modules are defined with relative pathnames, i.e., they are
    # relative to /usr/lib/security/$ISA. Absolute path names, as
    # present in this file in previous releases are still acceptable.
    #
    # Authentication management
    #
    # login service (explicit because of pam_dial_auth)
    #
    #
    # Authentication management
    #
    # login service (explicit because of pam_dial_auth)
    #
    login auth requisite pam_authtok_get.so.1
    login auth required pam_dhkeys.so.1
    login auth required pam_dial_auth.so.1
    login auth binding pam_unix_auth.so.1 server_policy
    login auth required pam_ldap.so.1
    #
    # rlogin service (explicit because of pam_rhost_auth)
    #
    rlogin auth sufficient pam_rhosts_auth.so.1
    rlogin auth requisite pam_authtok_get.so.1
    rlogin auth required pam_dhkeys.so.1
    rlogin auth binding pam_unix_auth.so.1 server_policy
    rlogin auth required pam_ldap.so.1
    #
    # rsh service (explicit because of pam_rhost_auth,
    # and pam_unix_auth for meaningful pam_setcred)
    #
    rsh auth sufficient pam_rhosts_auth.so.1
    rsh auth required pam_unix_auth.so.1
    #
    # PPP service (explicit because of pam_dial_auth)
    #
    ppp auth requisite pam_authtok_get.so.1
    ppp auth required pam_dhkeys.so.1
    ppp auth required pam_dial_auth.so.1
    ppp auth binding pam_unix_auth.so.1 server_policy
    ppp auth required pam_ldap.so.1
    #
    # Default definitions for Authentication management
    # Used when service name is not explicitly mentioned for authentication
    #
    other auth requisite pam_authtok_get.so.1
    other auth required pam_dhkeys.so.1
    other auth binding pam_unix_auth.so.1 server_policy
    other auth required pam_ldap.so.1
    #
    # passwd command (explicit because of a different authentication module)
    #
    passwd auth binding pam_passwd_auth.so.1 server_policy
    passwd auth required pam_ldap.so.1
    #
    # cron service (explicit because of non-usage of pam_roles.so.1)
    #
    cron account required pam_projects.so.1
    cron account required pam_unix_account.so.1
    #
    # Default definition for Account management
    # Used when service name is not explicitly mentioned for account management
    #
    other account requisite pam_roles.so.1
    other account required pam_projects.so.1
    other account binding pam_unix_account.so.1 server_policy
    other account required pam_ldap.so.1
    #
    # Default definition for Session management
    # Used when service name is not explicitly mentioned for session management
    #
    other session required pam_unix_session.so.1
    #
    # Default definition for Password management
    # Used when service name is not explicitly mentioned for password management
    #
    other password required pam_dhkeys.so.1
    other password requisite pam_authtok_get.so.1
    other password requisite pam_authtok_check.so.1
    other password required pam_authtok_store.so.1 server_policy
    #
    # Support for Kerberos V5 authentication (uncomment to use Kerberos)
    #
    #rlogin auth optional pam_krb5.so.1 try_first_pass
    #login auth optional pam_krb5.so.1 try_first_pass
    #other auth optional pam_krb5.so.1 try_first_pass
    #cron account optional pam_krb5.so.1
    #other account optional pam_krb5.so.1
    #other session optional pam_krb5.so.1
    #other password optional pam_krb5.so.1 try_first_pass

    -----Original Message-----
    From: sec urity [mailto:int.security@gmail.com]
    Sent: Sunday, October 24, 2004 1:25 PM
    To: Covington, Jimmy D. (NGIT)
    Cc: secureshell@securityfocus.com
    Subject: Re: SSH and mounted home directories

    what is the error you are getting ?

    On Fri, 22 Oct 2004 07:48:47 -0500, Covington, Jimmy D. (NGIT)
    <jimmy.covington@mail.va.gov> wrote:
    > We are mounting home directories for all of our UNIX servers, which cover
    > Solaris, HPUX and AIX. We're also running these boxes as native ldap
    > clients. The home directories are mounted thru vfstab not automount. We
    > cannot get the ssh-keys to work properly. Does anyone have any suggestions
    > on how to get this to work?
    >
    > Jim Covington
    > UNIX Systems Engineer
    > Northrup Grumman
    > Veterans Administration
    > Austin Automation Center
    > 1615 Woodward St.
    > Austin, Texas 78772-7830
    > Phone: (512) 326-6635
    >
    >
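
Added example (not part of the original messages): the posted pam.conf has no entries for the SSH daemon, so by the file's own comments its stacks come from the "other" lines. This Python sketch parses a constructed excerpt of that file and resolves, per module type, which entries a service actually gets; the service name "sshd" is an assumption, so check which name your sshd build passes to PAM.

```python
from collections import defaultdict

# Constructed excerpt: entries copied from the pam.conf posted above.
PAM_CONF = """\
login   auth requisite  pam_authtok_get.so.1
login   auth required   pam_dhkeys.so.1
login   auth required   pam_dial_auth.so.1
login   auth binding    pam_unix_auth.so.1 server_policy
login   auth required   pam_ldap.so.1
other   auth requisite  pam_authtok_get.so.1
other   auth required   pam_dhkeys.so.1
other   auth binding    pam_unix_auth.so.1 server_policy
other   auth required   pam_ldap.so.1
cron    account required  pam_projects.so.1
cron    account required  pam_unix_account.so.1
other   account requisite pam_roles.so.1
other   account required  pam_projects.so.1
other   account binding   pam_unix_account.so.1 server_policy
other   account required  pam_ldap.so.1
other   session required  pam_unix_session.so.1
#other  session optional  pam_krb5.so.1
"""

MODULE_TYPES = ("auth", "account", "session", "password")

def parse(text):
    """Return {(service, module_type): [(control, module, options), ...]}."""
    stacks = defaultdict(list)
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4 or fields[1] not in MODULE_TYPES:
            continue  # blank, comment, or malformed line
        service, mtype, control, module, *opts = fields
        stacks[(service, mtype)].append((control, module, opts))
    return stacks

def effective(stacks, service):
    """Per module type, use the service's own entries, else fall back to 'other'."""
    result = {}
    for mtype in MODULE_TYPES:
        source = service if (service, mtype) in stacks else "other"
        result[mtype] = (source, stacks.get((source, mtype), []))
    return result

if __name__ == "__main__":
    # "sshd" is an assumed service name; it has no lines of its own in the file.
    for mtype, (source, entries) in effective(parse(PAM_CONF), "sshd").items():
        print(mtype, "from", source, [f"{c} {m}" for c, m, _ in entries])
```

Run against the full file, this shows which account and session modules a key-based SSH login still passes through even when no password is asked for.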

