Date: Mon, 21 Apr 2003 18:48:08 -0500
From: Mark Bainter
To: gentoo-dev@gentoo.org
Message-ID: <20030421234808.GG2114@firinn.org>
Subject: [gentoo-dev] SSH, PAM, and LDAP

Ok, I have recently gotten LDAP working for most of the stuff I want it to do, and proceeded to move authentication to it. In doing so I have discovered that OpenSSH does not play nice with PAM + LDAP.

From what I have gathered from preliminary Google digging, the privilege separation rewrite broke PAM pretty severely. None of the password expiry stuff works anymore, and neither does the create home dirs option. I've already tried simply disabling the PrivSep stuff, but the problem goes deeper than that, so it doesn't help.

Everything else (telnet/ftp/etc) works fine; it's only ssh that's giving me fits.

I'm sure I'm not the only one with a setup like this. If someone else on the list is running in a configuration of this nature and has gotten ssh working, I'd appreciate a pointer to the information that got you past this.

Thanks.

--
Treat root like a loaded gun. Don't pull it out unless you mean to use it. If you mean to use it make sure you have a clear target and put it right back in the holster as soon as you're done.