Hello
After having spent several hours on it I can't get working
ssh access that uses PAM_LDAP on a FreeBSD 6/7 machine!
I have no problem on a Linux Debian etch box ...
Where are we going if Linux works better than BSD ? :-)
Brian A. Seklecki wrote:
On Tue, 2008-03-25 at 16:31 +0100, Frank Bonnet wrote:
Hello Brian
Thanks for the quick answer but I'm still in trouble
Turn on the debugging flags in the configuration file for pam_ldap
in /usr/local/etc and watch the console on the system.
~BAS
When I try to ssh connect to the machine I fall into a loop
like the following
panzer:~> ssh [EMAIL PROTECTED]
Password:
Old Password:
Password:
Old Password:
Password:
I am SURE the password I type works
Brian A. Seklecki wrote:
The problem is that the PAM libraries provide shit-fuck-ass-worthless
debug mechanisms. This is only eclipsed by the terribly organized
information on LDAP+NSS+PAM for FreeBSD on the web.
The file is the same for pam.d/system and /usr/local/etc/pam.d/sudo.
Please put this on the OpenLDAP / PADL Wiki somewhere:
[EMAIL PROTECTED]:/home/seklecki$ more /etc/pam.d/sshd
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service
#
# auth
#auth       required    pam_nologin.so      no_warn
#auth       sufficient  pam_opie.so         no_warn no_fake_prompts
#auth       requisite   pam_opieaccess.so   no_warn allow_local
#auth       sufficient  pam_krb5.so         no_warn try_first_pass
#auth       sufficient  pam_ssh.so          no_warn try_first_pass
auth        sufficient  /usr/local/lib/pam_ldap.so
auth        required    pam_unix.so         no_warn try_first_pass
# account
#account    required    pam_krb5.so
account     required    pam_login_access.so
account     required    /usr/local/lib/pam_ldap.so ignore_authinfo_unavail ignore_unknown_user
account     required    pam_unix.so
# session
#session    optional    pam_ssh.so
session     required    pam_permit.so
session     sufficient  /usr/local/lib/pam_ldap.so no_warn try_first_pass
# password
#password   sufficient  pam_krb5.so         no_warn try_first_pass
password    required    pam_unix.so         no_warn try_first_pass
#password   required    /usr/local/lib/pam_ldap.so no_warn try_first_pass
Also try:
$ grep -i debug /usr/local/etc/ldap.conf
#debug 1
$ grep -i debug /usr/local/etc/nss_ldap.conf
#debug 1
Higher levels for fun.
~BAS
On Tue, 2008-03-25 at 15:34 +0100, Frank Bonnet wrote:
Hello
I can't get a working sshd access using pam_ldap and nss_ldap
/etc/nsswitch.conf is OK
but I'm having difficulty configuring pam_ldap for ssh access
on a machine (6.3 or 7.0) ... I have been trying a lot to configure
the /etc/pam.d/sshd file but haven't had any success (sigh!)
Could anyone help?
Thanks a lot !
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"