Re: NSS+LDAP+SSH setup with /home shared across several servers

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Thomas Orgis <thomas.orgis [at] uni-hamburg.de>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: NSS+LDAP+SSH setup with /home shared across several servers
Date: Thu, 7 May 2015 10:35:27 +0200

Am Thu, 7 May 2015 10:17:39 +0200
schrieb Rafael Laboissiere <rafael@laboissiere.net>:

> Here comes my question: would it be possible to bypass the authtok part 
> of pam_ldap.so, but keeping all the account information (ids, groups, and 
> login directory) being managed by NSS+LDAP, and proceed with the SSH key 
> pair for authentication?  The advantage of this setup is that users using 
> ssh-agent will not have to type passwords during their sessions.

Yes, this works. You simply use the NSS part, wich provides the account
information. OpenSSH doesn't use the PAM part at all if key
authentication worked anyway.

Just configure nsswitch.conf and nslcd.conf for the LDAP mapping and be
happy;-)


Alrighty then,

Thomas

-- 
Dr. Thomas Orgis
Universität Hamburg
RRZ / Zentrale Dienste / HPC
Schlüterstr. 70
20146 Hamburg
Tel.: 040/42838 8826
Fax: 040/428 38 6270

Attachment: smime.p7s
Description: S/MIME cryptographic signature

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

NSS+LDAP+SSH setup with /home shared across several servers, Rafael Laboissiere
- Re: NSS+LDAP+SSH setup with /home shared across several servers, Thomas Orgis

Prev by Date: NSS+LDAP+SSH setup with /home shared across several servers
Next by Date: Re: NSS+LDAP+SSH setup with /home shared across several servers
Previous by thread: NSS+LDAP+SSH setup with /home shared across several servers
Next by thread: Re: NSS+LDAP+SSH setup with /home shared across several servers