[Classic-discuss] ldap: local login works but ssh doesn't
Rolf Deenen
rdeenen at home.nl
Thu Feb 1 21:30:48 UTC 2007
Dear Mikael,
Thanks once again. Got it working now. I was probably so busy with the
ldap-server, pam and nss that I didn't think of enabling pam in the ssh daemon.
It may also be that I was under the impression that authconfig would handle
this.
Rolf Deenen
> On Tuesday 30 January 2007 23:23, Rolf Deenen wrote:
>> Hello list,
>>
>> I am trying to use ldap for as many services as possible on my
>> tinysofa classic homeserver. I am a complete newbie to the subject but have
>> managed to get ldap authentication working using ldap (looking back it
>> wasn't that difficult. I wished I had noticed authconfig earlier :-) ).
>> However, I mostly access the machine through ssh and I have been unable to
>> authenticate through ldap. I have used authconfig to configure the machine
>> to use ldap. When I try to log in through ssh it keeps giving me "permission
>> denied" with the same account I can use to log in locally using ldap
>> authentication. When I start the server manually using /usr/sbin/slapd -d 1
>> (for debugging) I DO see a lot of action going on when I try to log in.
>> Does this mean that my pam/nss setup is ok? Are there common pitfalls to
>> logging in with ssh using ldap? If it could be a pam/nss issue, can
>> someone with the same setup share his or her /etc/pam.d/sshd file with me?
>>
>> I have been googling around for the subject but have not been able to
>> detect an error in my setup.
>>
>
> Hi,
> Here's the relevant part of "man 5 sshd_config" :
>
> UsePAM
> Enables the Pluggable Authentication Module interface. If set to "yes" this
> will enable PAM authentication using ChallengeResponseAuthentication and
> PasswordAuthentication in addition to PAM account and session module
> processing for all authentication types.
>
> Because PAM challenge-response authentication usually serves an equivalent
> role to password authentication, you should disable either
> PasswordAuthentication or ChallengeResponseAuthentication.
>
> If UsePAM is enabled, you will not be able to run sshd(8) as a non-root user.
> The default is "no".
>
> HTH,
> Mikael
> _______________________________________________
> Classic-discuss mailing list
> Classic-discuss at tinysofa.org
> http://lists.tinysofa.org/mailman/listinfo/classic-discuss
>
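
The check implied by the man page excerpt above, as an added example that is not part of the original thread: a POSIX shell audit of the global section of an sshd_config file. The function names and the sample file are constructed for illustration, and the "yes" defaults for PasswordAuthentication and ChallengeResponseAuthentication are an assumption.

```shell
#!/bin/sh
# Added example, not from the thread: check the global section of an
# sshd_config for the UsePAM advice quoted from sshd_config(5).

# effective_value FILE KEYWORD DEFAULT
# Prints the value sshd would apply globally: keywords are case-insensitive,
# the first occurrence wins, and the global section ends at the first Match.
effective_value() {
    awk -F'[ \t=]+' -v want="$2" -v val="$3" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }                 # drop indentation, re-split
        /^#/ || NF == 0 { next }               # comment or blank line
        tolower($1) == "match" { exit }        # conditional blocks follow
        tolower($1) == want { val = tolower($2); gsub(/"/, "", val); exit }
        END { print val }
    ' "$1"
}

# pam_finding FILE
# Prints one of: pam-disabled, duplicate-password-path, ok.
# Defaults are assumptions: UsePAM "no" as in the man page excerpt above,
# "yes" for the other two as in OpenSSH releases of that period.
pam_finding() {
    use_pam=$(effective_value "$1" UsePAM no)
    pw=$(effective_value "$1" PasswordAuthentication yes)
    cr=$(effective_value "$1" ChallengeResponseAuthentication yes)
    if [ "$use_pam" != yes ]; then
        echo pam-disabled              # /etc/pam.d/sshd is never consulted
    elif [ "$pw" = yes ] && [ "$cr" = yes ]; then
        echo duplicate-password-path   # man page: disable one of the two
    else
        echo ok
    fi
}

# Constructed sample: UsePAM appears only as a comment, so the default applies.
sample=$(mktemp)
printf '%s\n' 'Port 22' '#UsePAM yes' 'PasswordAuthentication yes' > "$sample"
pam_finding "$sample"
rm -f "$sample"
```

Point `pam_finding` at the server's own sshd_config; `pam-disabled` corresponds to the symptom in this thread, where local LDAP logins worked and ssh logins were refused.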