Re: NSS+LDAP+SSH setup with /home shared across several servers

* Thomas Orgis <thomas.orgis@uni-hamburg.de> [2015-05-07 10:35]:

Here comes my question: would it be possible to bypass the authtok part of pam_ldap.so, but keeping all the account information (ids, groups, and login directory) being managed by NSS+LDAP, and proceed with the SSH key pair for authentication? The advantage of this setup is that users using ssh-agent will not have to type passwords during their sessions.

Yes, this works. You simply use the NSS part, which provides the account information. OpenSSH doesn't use the PAM part at all if key authentication worked anyway.

Just configure nsswitch.conf and nslcd.conf for the LDAP mapping and be happy;-)

[Many thanks for the quick reply!]

I do not know OpenSSH in detail, but I am wondering how this can work in my setup. In my servers (besides the central one), there will be no entries for the users in the local /etc/passwd file. This information (id, home directory, and login shell) will be provided by the LDAP server. How can an SSH key-pair authentication succeed without knowing which is the user's home directory?

Best,

Rafael
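The point behind the thread is that sshd never reads /etc/passwd itself: it calls getpwnam(), which walks the "passwd:" sources in nsswitch.conf, so an LDAP-only account (served by nslcd) still yields a home directory and therefore a location for authorized_keys. The following shell script is an added example, not code from the thread or from nss-pam-ldapd; it uses `getent passwd` to perform the same NSS lookup and assumes sshd's default AuthorizedKeysFile of `.ssh/authorized_keys` relative to the home directory.

```shell
#!/bin/sh
# Added example (not from the thread): check that an account resolves through
# NSS the way sshd's getpwnam() call does, independent of /etc/passwd.
# `getent passwd` walks the "passwd:" sources in /etc/nsswitch.conf
# (e.g. "files ldap"), so an LDAP-only user is found as long as nslcd answers.

# Print the home directory NSS returns for a user (empty if the user is unknown).
nss_home() {
    getent passwd "$1" | cut -d: -f6
}

# Report which source knows the user: local /etc/passwd ("files"), some other
# NSS source such as LDAP ("nss-only"), or nothing at all ("none").
nss_source() {
    if awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' /etc/passwd 2>/dev/null; then
        echo files
    elif getent passwd "$1" >/dev/null 2>&1; then
        echo nss-only
    else
        echo none
    fi
}

# Path sshd reads for the default AuthorizedKeysFile (".ssh/authorized_keys",
# relative to the NSS-supplied home); empty if the user cannot be resolved,
# which is exactly the case where key authentication cannot succeed.
authorized_keys_path() {
    home=$(nss_home "$1")
    if [ -n "$home" ]; then
        echo "$home/.ssh/authorized_keys"
    fi
}

# Usage: ./nss_check.sh <username>
if [ -n "$1" ]; then
    echo "user:   $1"
    echo "source: $(nss_source "$1")"
    echo "home:   $(nss_home "$1")"
    echo "keys:   $(authorized_keys_path "$1")"
fi
```

On a server where the user is absent from /etc/passwd, "source: nss-only" together with a non-empty home directory confirms that nslcd and nsswitch.conf are wired correctly and that sshd will find the user's authorized_keys.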