[Classic-discuss] ldap: local login works but ssh doesn't
Mikael Bak
mikael at tinysofa.org
Wed Jan 31 10:08:57 UTC 2007
On Tuesday 30 January 2007 23:23, Rolf Deenen wrote:
> Hello list,
>
> I am trying to use ldap for as many services as possible on my
> tinysofa classic homeserver. I am a complete newbie to the subject but have
> managed to get ldap authentication working using ldap (looking back it
> wasn't that difficult. I wished I had noticed authconfig earlier :-) ).
> However, I mostly access the machine through ssh and I have been unable to
> authenticate through ldap. I have used authconfig to configure the machine
> to use ldap. When I try to log in through ssh it keeps giving me "permission
> denied" with the same account I can use to log in locally using ldap
> authentication. When I start the server manually using /usr/sbin/slapd -d 1
> (for debugging) I DO see a lot of action going on when I try to log in.
> Does this mean that my pam/nss setup is ok? Are there common pitfalls to
> logging in with ssh using ldap? If it could be a pam/nss issue, can
> someone with the same setup share his or her /etc/pam.d/sshd file with me?
>
> I have been googling around for the subject but have not been able to
> detect an error in my setup.
>

Hi,

Here's the relevant part of "man 5 sshd_config":

    UsePAM
        Enables the Pluggable Authentication Module interface. If set to
        "yes" this will enable PAM authentication using
        ChallengeResponseAuthentication and PasswordAuthentication in
        addition to PAM account and session module processing for all
        authentication types.

        Because PAM challenge-response authentication usually serves an
        equivalent role to password authentication, you should disable
        either PasswordAuthentication or ChallengeResponseAuthentication.

        If UsePAM is enabled, you will not be able to run sshd(8) as a
        non-root user. The default is "no".

HTH,
Mikael
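
The check the man page excerpt implies, as an added example that is not part of the original thread: a small shell audit that reads an sshd_config and reports whether PAM is actually in use and whether both password paths are enabled at once. The function names `sshd_value` and `audit_sshd_pam` are hypothetical, the sample config is constructed, and the "yes" defaults for PasswordAuthentication and ChallengeResponseAuthentication are an assumption about the sshd build in question.

```shell
#!/bin/sh
# Added example, not from the thread: check an sshd_config for the UsePAM
# interaction described in the man page excerpt above.

# sshd_value FILE KEYWORD DEFAULT -> effective global value, lower-cased.
# sshd keywords are case-insensitive, the first occurrence wins, and
# "Keyword=value" is accepted as well as "Keyword value".
sshd_value() {
    awk -v want="$2" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        { sub(/=/, " "); key = tolower($1) }
        key == "match" { exit }                # only the global section
        key == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_pam FILE -> 0 ok, 1 PAM not used, 2 both password paths enabled
audit_sshd_pam() {
    # Default "no" for UsePAM is from the quoted man page; "yes" for the other
    # two keywords is an assumption about that sshd build's defaults.
    pam=$(sshd_value "$1" UsePAM no)
    pw=$(sshd_value "$1" PasswordAuthentication yes)
    cr=$(sshd_value "$1" ChallengeResponseAuthentication yes)
    if [ "$pam" != yes ]; then
        echo "FAIL: UsePAM=$pam, sshd will not use /etc/pam.d/sshd"
        return 1
    fi
    if [ "$pw" = yes ] && [ "$cr" = yes ]; then
        echo "WARN: PasswordAuthentication and ChallengeResponseAuthentication both on; disable one"
        return 2
    fi
    echo "OK: UsePAM=yes PasswordAuthentication=$pw ChallengeResponseAuthentication=$cr"
    return 0
}

# Constructed sample config (not Rolf's file): UsePAM left commented out.
demo=$(mktemp)
printf '%s\n' '#UsePAM yes' 'PasswordAuthentication yes' > "$demo"
audit_sshd_pam "$demo" || echo "exit status: $?"
rm -f "$demo"
```

On a real host, point `audit_sshd_pam` at the sshd_config the daemon actually loads and restart sshd after changing it.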