Thanks to Mark for the debug hint. I did the debug thing for two users, one local to both client and server, and one in ldap.
For the local user a few lines from the logs look like:

Authorized to test1, krb5 principal [EMAIL PROTECTED] (krb5_kuserok)
debug3: PAM: do_pam_account pam_acct_mgmt = 0
Accepted gssapi-with-mic for test1 from ::ffff:192.168.1.3 port 48465 ssh2

With the user in ldap, the call to pam_acct_mgmt fails with code 9. I then received a tip about the option UsePAM in sshd_config. After setting this to no, it works for both users. It seems I'm cutting off some potentially good methods by expunging PAM from the scene but perhaps this is the "right way" of doing it.