SUMMARY: Trouble last after SSH + LDAP



As it turned out, this is an issue with OpenSSH 4.3p1. There is a
patch available at:
http://www.zip.com.au/~dtucker/openssh/4.3p1-configure.patch

Did a make distclean, applied the patch, and rebuilt with no problems.

Thanks to Francois Bousquet who replied suggesting I use the native
Solaris pam_ldap. We're using Apple's Open Directory and I'm not
brave enough to go about patching and recompiling the slapd included
with that.

Original Post:

I have just set up a PAM enabled OpenSSH daemon to allow
authentication against an OpenLDAP server. Authentication is working
fine but when I run the last command SSH logins do not have a
terminal or host name listed and the login date is "Wed Dec 31
20:00". A log out time isn't recorded when logging out and last
reports "still logged in". Finger reports all the correct information
so it seems to be getting name service info properly. Do last and
wtmpx not use the OS name service stuff? Has anyone seen this before?

Background:
Solaris 8 kernel 117350-28
OpenLDAP client 2.3.27
LDAP patch 108993-49 (similar behavior experienced with revision 60)
OpenSSH 4.3p1 / OpenSSL 0.9.7f
PAM LDAP module 1.80
NSS LDAP module 2.52
nscd has been restarted, but ldap_cachemgr is not running; I have
read it is not recommended with OpenLDAP, only with Sun's directory
server.


--
Jeff Allen
Systems Administrator
Faculty of Computer Science
Dalhousie University
Halifax NS Canada
http://www.cs.dal.ca/
_______________________________________________
sunmanagers mailing list
sunmanagers@xxxxxxxxxxxxxxx
http://www.sunmanagers.org/mailman/listinfo/sunmanagers


