SUMMARY: OpenSSH and Solaris PAM

alexei_at_soemail.rutgers.edu
Date: 09/30/03

    Date: Tue, 30 Sep 2003 10:36:48 -0400 (EDT)
    To: sunmanagers@sunmanagers.org
    
    

    Dear sun managers,

    Thanks a lot to those of you who replied to my posting.
    The suggestions and ideas were very good.

    The winning solution came from Fergus Donohue, who pointed me at
    the bug report at http://bugzilla.mindrot.org/show_bug.cgi?id=700

    The advice about setting "PasswordAuthentication no" and
    "ChallengeResponseAuthentication yes" in sshd_config made it work
    with PAM and my LDAP users can log in now.

    However, for LDAP to work properly, I had to modify my pam.conf slightly,
    but it is a minor change:

    sshd auth requisite pam_authtok_get.so.1
    sshd auth required pam_dhkeys.so.1
    sshd auth sufficient pam_unix_auth.so.1
    sshd auth required pam_ldap.so.1 try_first_pass
    sshd account required pam_unix_account.so.1

    Regards,
    Alexei

    On Mon, 29 Sep 2003 alexei@soemail.rutgers.edu wrote:

    > Greetings,
    >
    > I wonder if anyone has succeeded in making OpenSSH 3.7.1p2 work
    > properly with Solaris 9 PAM libs?
    >
    > After I compiled and configured OpenSSH 3.7.1p2 with PAM support
    > on Solaris 9, I encountered a problem getting it to work with Solaris PAM.
    > The PAM libs that used to work fine with Sun SSH no longer work with
    > OpenSSH.
    >
    > For example, I use an additional authentication PAM module to check for
    > entries in /etc/shadow in order to prevent NIS users from logging in to a NIS
    > server. It works fine with Sun SSH but OpenSSH completely ignores it.
    >
    > On the other host, which is an OpenLDAP client, OpenSSH doesn't seem
    > to work with Sun's pam_ldap.so.1. LDAP users can't log in via ssh.
    > However, Sun SSH with the same pam.conf configuration works perfectly:
    > sshd auth sufficient pam_ldap.so.1
    > sshd auth required pam_unix_auth.so.1
    > sshd account sufficient pam_ldap.so.1
    > sshd account required pam_unix_auth.so.1
    > sshd password sufficient pam_ldap.so.1
    > sshd password required pam_unix_auth.so.1
    >
    > In nsswitch.conf, I have
    > passwd: files ldap
    > group: files ldap
    >
    > The OpenSSH has been configured with PAM support:
    > ./configure --use-pam ...
    >
    > When I ldd on /usr/local/sbin/sshd, among the links, it shows
    > libpam.so.1 => /usr/lib/libpam.so.1
    >
    > In sshd_config, I got "UsePAM yes".
    >
    > Is there anything I am missing?
    > Do I need to compile and install special PAM modules for OpenSSH?
    >
    > It looks like the sshd completely ignores whatever is in /etc/pam.conf.
    > Any suggestion or advice would be appreciated.
    > Thanks,
    > Alexei
    > _______________________________________________
    > sunmanagers mailing list
    > sunmanagers@sunmanagers.org
    > http://www.sunmanagers.org/mailman/listinfo/sunmanagers
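
A check for the layout the summary settles on, as an added example (not code from the original post or from OpenSSH): it parses sshd_config and pam.conf text and reports where the three sshd settings or the sshd auth stack differ from what the message lists. The function names, the `must_have` parameter and the sample inputs are assumptions constructed for illustration.

```python
import re

# Values the summary reports as working (OpenSSH 3.7.1p2 on Solaris 9).
WANTED = {"usepam": "yes", "passwordauthentication": "no",
          "challengeresponseauthentication": "yes"}

def parse_sshd_config(text):
    """Map lower-cased keyword -> value; sshd uses a keyword's first occurrence."""
    opts = {}
    for raw in text.splitlines():
        parts = re.split(r"[\s=]+", raw.strip(), maxsplit=1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            opts.setdefault(parts[0].lower(), parts[1].strip('" ').lower())
    return opts

def pam_stack(text, service, mod_type):
    """(control, module, options) entries in order; 'other' is the fallback."""
    found = {service: [], "other": []}
    for raw in text.splitlines():
        f = raw.split("#", 1)[0].split()
        if len(f) >= 4 and f[0] in found and f[1] == mod_type:
            found[f[0]].append((f[2], f[3], f[4:]))
    return found[service] or found["other"]

def audit(sshd_text, pam_text, must_have=()):
    """Return findings; an empty list means the files match the summary."""
    findings = []
    opts = parse_sshd_config(sshd_text)
    for key, want in WANTED.items():
        got = opts.get(key, "<unset>")
        if got != want:
            findings.append(f"sshd_config: {key} is {got}, expected {want}")
    modules = [m.rsplit("/", 1)[-1] for _, m, _ in pam_stack(pam_text, "sshd", "auth")]
    if not modules:
        findings.append("pam.conf: no auth stack for sshd or other")
    for mod in must_have:  # modules whose checks must not be skipped
        if mod not in modules:
            findings.append(f"pam.conf: {mod} missing from sshd auth stack")
    return findings

# Constructed sample inputs built from the lines quoted in the message.
SSHD_OK = "UsePAM yes\nPasswordAuthentication no\nChallengeResponseAuthentication yes\n"
PAM_OK = """\
sshd auth requisite pam_authtok_get.so.1
sshd auth required pam_dhkeys.so.1
sshd auth sufficient pam_unix_auth.so.1
sshd auth required pam_ldap.so.1 try_first_pass
sshd account required pam_unix_account.so.1
"""
```

Calling `audit(SSHD_OK, PAM_OK, must_have=("pam_ldap.so.1",))` returns an empty list; pass a site's own restriction module in `must_have` to catch a stack that no longer includes it.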