lists.arthurdejong.org

Re: NSS+LDAP+SSH setup with /home shared across several servers




On Thu, 7 May 2015 10:17:39 +0200,
Rafael Laboissiere <rafael@laboissiere.net> wrote:

> Here comes my question: would it be possible to bypass the authtok part 
> of pam_ldap.so, but keeping all the account information (ids, groups, and 
> login directory) being managed by NSS+LDAP, and proceed with the SSH key 
> pair for authentication?  The advantage of this setup is that users using 
> ssh-agent will not have to type passwords during their sessions.

Yes, this works. You simply use the NSS part, which provides the account
information. OpenSSH doesn't use the PAM part at all if key
authentication worked anyway.

Just configure nsswitch.conf and nslcd.conf for the LDAP mapping and be
happy;-)


Alrighty then,

Thomas

-- 
Dr. Thomas Orgis
Universität Hamburg
RRZ / Zentrale Dienste / HPC
Schlüterstr. 70
20146 Hamburg
Tel.: 040/42838 8826
Fax: 040/428 38 6270
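
The setup discussed in this thread, as an added example that is not part of the original message: constructed sample `nsswitch.conf`, `nslcd.conf` and `sshd_config` files, plus a small check that accounts resolve through LDAP while login relies on SSH keys. The host `ldap.example.org`, the base `dc=example,dc=org` and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; every file below is a constructed sample.
# ldap.example.org and dc=example,dc=org are placeholders.

# write_samples DIR: minimal NSS-only LDAP setup plus key-based sshd settings
write_samples() {
    cat > "$1/nsswitch.conf" <<'EOF'
# accounts and groups come from LDAP via nslcd; no shadow data is needed
passwd: files ldap
group:  files ldap
shadow: files
EOF
    cat > "$1/nslcd.conf" <<'EOF'
uid nslcd
gid nslcd
uri ldap://ldap.example.org/
base dc=example,dc=org
EOF
    cat > "$1/sshd_config" <<'EOF'
PubkeyAuthentication yes
EOF
}

# nss_uses_ldap FILE DB: succeeds if database DB lists "ldap" as a source
nss_uses_ldap() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }' "$1"
}

# conf_value FILE KEYWORD: prints the first value given for KEYWORD
# (case-insensitive keyword; Match blocks in sshd_config are not interpreted)
conf_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# key_login_ready DIR: LDAP supplies passwd and group, nslcd knows its server
# and search base, and sshd has not switched public key authentication off
key_login_ready() {
    nss_uses_ldap "$1/nsswitch.conf" passwd || return 1
    nss_uses_ldap "$1/nsswitch.conf" group || return 1
    [ -n "$(conf_value "$1/nslcd.conf" uri)" ] || return 1
    [ -n "$(conf_value "$1/nslcd.conf" base)" ] || return 1
    [ "$(conf_value "$1/sshd_config" PubkeyAuthentication)" != "no" ]
}

d=$(mktemp -d) && write_samples "$d"
if key_login_ready "$d"; then echo "NSS via LDAP, SSH keys for login"; fi
rm -rf "$d"
```

When `UsePAM yes` is set in `sshd_config`, sshd still runs the PAM account and session stacks after a successful public key login; only the PAM auth stack is skipped.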
