Re: ssh, pam, and ldap
- From: "Jesse C. Waters" <jwaters@xxxxxxxxxxxx>
- Date: Tue, 27 Jan 2009 17:43:54 -0500
Richard Ray wrote:
I have configured pam to authenticate ssh via ldap
that is controlled with your /etc/nsswitch.conf
No problems with that
How can I configure pam/ssh to use ldap for certain accounts only and unix password for other accounts
Running CentOS 5.2
Thanks
Richard Ray
passwd: files ldap
group:  files ldap
check if user exists in /etc/passwd 1st, then ldap
So if you have a local account joe and an ldap account joe, it should use the local account 1st. If you flip it around (passwd: ldap files), then vice versa.
To restrict certain ldap groups to logging in you need to add "pam_groupdn" to your ldap.conf file.
All these relate to pam & ldap configurations, I am not a pam expert. Test your configs, make sure you didn't allow anyone into your system as root without a passwd. (did that once, glad it was a vm).
HTH,
Jesse Waters
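
The lookup order described in the reply above can be audited before flipping it. This is an added example, not part of the original message: it resolves each login name to the source that wins under a given nsswitch.conf order, then reports names that exist in both sources and any uid 0 entry served from the directory. All account data and the helper names (source_order, parse_passwd, audit) are constructed for illustration.

```python
# Added example: all sample data is constructed; LDAP_PASSWD mimics `getent -s ldap passwd`.
NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd: files ldap
"""
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
joe:x:500:500:Local Joe:/home/joe:/bin/bash
"""
LDAP_PASSWD = """\
joe:x:10001:10001:Directory Joe:/home/joe:/bin/bash
ann:x:10002:10002:Ann:/home/ann:/bin/bash
admin2:x:0:0:Extra admin:/root:/bin/bash
"""

def source_order(nsswitch_text, database="passwd"):
    """Sources for a database in NSS lookup order; [action] items are ignored here."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            return [t for t in line.split(":", 1)[1].split() if not t.startswith("[")]
    return []

def parse_passwd(text):
    """Map login name -> uid for passwd(5)-format lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7:
            users[fields[0]] = int(fields[2])
    return users

def audit(nsswitch_text, tables):
    """Resolve each name to its winning source; report shadowed names and remote uid 0."""
    order = [s for s in source_order(nsswitch_text) if s in tables]
    winner, shadowed, remote_root = {}, [], []
    for src in order:
        for name, uid in tables[src].items():
            if name in winner:
                shadowed.append((name, winner[name][0], src))
            else:
                winner[name] = (src, uid)
            if uid == 0 and src != "files":
                remote_root.append((name, src))
    return winner, shadowed, remote_root

TABLES = {"files": parse_passwd(LOCAL_PASSWD), "ldap": parse_passwd(LDAP_PASSWD)}
if __name__ == "__main__":
    print(audit(NSSWITCH, TABLES))
```

On a live host the two tables would come from /etc/passwd and the directory listing rather than the inline strings.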