Re: OpenSSH, PAM and Host Based Authentication

From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 12/21/04


Date: 21 Dec 2004 12:07:51 GMT

In article <1103616231.528948.186670@c13g2000cwb.googlegroups.com>,
tubabeat <kevin@kevinspicer.co.uk> wrote:
>I know why PAM is disallowing the login, sorry I should have made that
>clear in my post. pam_ldap authenticates the user by doing a bind
>against the directory as the user using the password supplied. If it
>doesn't have the password (in the hostbased login scenario) it can't
>bind, and therefore doesn't authenticate.
>
>My point is why should host-based authentication care about the user's
>password?

It doesn't, but the PAM stacks other than auth (e.g. account, session)
that sshd still checks probably do. Try commenting them out of your
PAM config one at a time and see which it is.

Just because you're not authenticating via PAM, doesn't mean PAM isn't
being used.

This problem also occurs with Kerberos-based logins, too.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
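
The "comment them out one at a time" check suggested in the reply above, as an added example that is not part of the original post: it lists the account and session rules in a PAM service file and builds one trial config per rule with only that rule disabled. The sample config is constructed and the function names are hypothetical; nothing is written to disk.

```python
import re
# Constructed sample of /etc/pam.d/sshd; not taken from the post.
SAMPLE = """\
# sshd PAM service (constructed)
auth      required  pam_ldap.so
account   required  pam_ldap.so
account   required  pam_unix.so
-session  optional  pam_ldap.so
session   [success=ok default=ignore] \\
          pam_mkhomedir.so skel=/etc/skel
password  required  pam_ldap.so
"""

NON_AUTH = ("account", "session")  # the stacks the reply says to check
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def logical_lines(text):
    """Yield (first_idx, last_idx, joined) with backslash continuations merged."""
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        start, buf = i, lines[i]
        while buf.endswith("\\") and i + 1 < len(lines):
            i += 1
            buf = buf[:-1] + " " + lines[i]
        yield start, i, buf
        i += 1

def non_auth_rules(text):
    """Rules in the account/session stacks, which run without a PAM auth step."""
    found = []
    for start, end, line in logical_lines(text):
        m = RULE.match(line.strip())
        if m and m.group(1) in NON_AUTH:
            found.append((start, end, m.group(1), m.group(2), m.group(3)))
    return found

def one_at_a_time(text):
    """Yield (stack:module label, config with just that rule commented out)."""
    lines = text.splitlines()
    for start, end, kind, _ctl, module in non_auth_rules(text):
        trial = list(lines)
        for n in range(start, end + 1):  # comment every physical line of the rule
            trial[n] = "#" + trial[n]
        yield f"{kind}:{module}", "\n".join(trial) + "\n"

if __name__ == "__main__":
    for label, trial in one_at_a_time(SAMPLE):
        print(f"--- trial with {label} disabled ---\n{trial}")
```

Each trial is meant for a test host only: the rule whose removal lets the host-based login through is the one that needs the password, and it should be fixed or replaced rather than left commented out.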
