From: "Ryan Henry [mailing list]"
Date: Tue, 22 Apr 2003 07:56:14 -0500
To: gentoo-dev@gentoo.org
CC: Mark Bainter
Subject: Re: [gentoo-dev] SSH, PAM, and LDAP
Message-ID: <3EA53BEE.7080403@EPSIIA.com>
In-Reply-To: <20030421234808.GG2114@firinn.org>

I am using ldap authentication with pam and ssh works fine. I have not
tested the password expiration stuff but I do have the create home
directory working. I also have privilege separation turned off in my
sshd_config.

To get this working I added this to /etc/pam.d/system-auth

auth sufficient /lib/security/pam_ldap.so use_first_pass
account sufficient /lib/security/pam_ldap.so
password sufficient /lib/security/pam_ldap.so use_authtok
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0077
session optional /lib/security/pam_ldap.so

Hope that helps,
-Ryan

Mark Bainter wrote:

|Ok, I have recently gotten LDAP working for most of the stuff I want it to do,
|and proceeded to move authentication to it. In doing so I have discovered that
|OpenSSH does not play nice with PAM + LDAP.
|
|privilege separation rewrite broke PAM pretty severely. None of the password
|expiry stuff works anymore, and neither does the create home dirs option.
|
|I've already tried simply disabling the PrivSep stuff, but the problem goes
|deeper than that, so it doesn't help. Everything else (telnet/ftp/etc) works
|fine, it's only ssh that's giving me fits.
|
|I'm sure I'm not the only one with a setup like this. If someone else
|on the list is running in a configuration of this nature and has gotten
|ssh working, I'd appreciate a pointer to the information that got you past
|this.
|
|Thanks.
|

--
gentoo-dev@gentoo.org mailing list
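
Added example, not part of the original message or of any Gentoo or PAM code: a small model of how the `sufficient`, `required` and `optional` control flags in the lines above decide a stack's outcome. The `pam_unix.so` and `pam_deny.so` entries are assumed neighbouring lines in system-auth, and bracketed `[value=action]` controls are not handled.

```python
# Constructed stacks: the pam_ldap.so and pam_mkhomedir.so lines are from the
# message; the pam_unix.so and pam_deny.so lines are assumed neighbours.
SYSTEM_AUTH = """\
auth     sufficient /lib/security/pam_unix.so likeauth nullok
auth     sufficient /lib/security/pam_ldap.so use_first_pass
auth     required   /lib/security/pam_deny.so
session  required   /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0077
session  optional   /lib/security/pam_ldap.so
"""

def parse(text, mtype):
    """Return [(control, module, args)] for one module type, in file order."""
    stack = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mtype:
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1], fields[3:]))
    return stack

def evaluate(stack, results):
    """Outcome of a stack under the simple control flags.

    results maps module file name -> True (success) / False (failure);
    modules not listed are treated as failing (as pam_deny.so always does).
    """
    failed = False    # a required module has failed
    positive = False  # at least one success has been counted
    for control, module, _args in stack:
        ok = results.get(module, False)
        if control == "sufficient":
            if ok:
                return not failed  # stop here; an earlier required failure still wins
            continue               # failure of a sufficient module is ignored
        if control == "optional":
            positive = positive or ok  # failure of an optional module is ignored
            continue
        if control in ("required", "requisite"):
            if ok:
                positive = True
            elif control == "requisite":
                return False       # fail immediately
            else:
                failed = True      # keep going, but the stack will fail
    return positive and not failed  # a stack with no counted success fails

if __name__ == "__main__":
    auth = parse(SYSTEM_AUTH, "auth")
    for case in ({"pam_unix.so": True}, {"pam_ldap.so": True}, {}):
        print(case, "->", evaluate(auth, case))
```

In this model an account that exists only in LDAP authenticates because the `pam_unix.so` failure is ignored and `pam_ldap.so` ends the stack with success, while a `pam_mkhomedir.so` failure fails the session stack regardless of what the optional `pam_ldap.so` returns.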