Re: NSS+LDAP+SSH setup with /home shared across several servers
- From: Rafael Laboissiere <rafael [at] laboissiere.net>
- To: Thomas Orgis <thomas.orgis [at] uni-hamburg.de>
- Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: NSS+LDAP+SSH setup with /home shared across several servers
- Date: Thu, 7 May 2015 11:08:04 +0200
* Thomas Orgis <thomas.orgis@uni-hamburg.de> [2015-05-07 10:35]:
> > Here comes my question: would it be possible to bypass the authtok part
> > of pam_ldap.so, but keeping all the account information (ids, groups, and
> > login directory) being managed by NSS+LDAP, and proceed with the SSH key
> > pair for authentication? The advantage of this setup is that users using
> > ssh-agent will not have to type passwords during their sessions.
>
> Yes, this works. You simply use the NSS part, which provides the account
> information. OpenSSH doesn't use the PAM part at all if key
> authentication worked anyway.
>
> Just configure nsswitch.conf and nslcd.conf for the LDAP mapping and be
> happy;-)
[Thank you very much for the quick reply!]
I do not know OpenSSH in detail, but I am wondering how this can work in
my setup. In my servers (besides the central one), there will be no
entries for the users in the local /etc/passwd file. This information
(id, home directory, and login shell) will be provided by the LDAP
server. How can an SSH key-pair authentication succeed without knowing
which is the user's home directory?
Best,
Rafael
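An added example, not part of the original messages and not code from OpenSSH or nss-pam-ldapd: it shows how an account that exists only in LDAP still yields a home directory through an NSS lookup, and how the authorized_keys path and a StrictModes-style ownership check follow from that entry. Assumptions: the function names are hypothetical, only the `%h`, `%u` and `%%` tokens of `AuthorizedKeysFile` are expanded, and the permission check is a simplified approximation of what sshd does. The ownership test uses the uid returned by NSS, which is why uid numbers in LDAP must match the file ownership on the shared /home.

```python
# Added illustration; simplified model of sshd's lookup, not OpenSSH code.
import os
import pwd
import stat


def lookup_account(name):
    """Resolve a user through NSS (files, ldap, ... as listed in nsswitch.conf)."""
    try:
        return pwd.getpwnam(name)  # getpwnam(3) consults every configured NSS source
    except KeyError:
        return None  # no NSS source knows this user


def expand_keyfile(pattern, pw):
    """Expand the %h, %u and %% tokens of an AuthorizedKeysFile pattern."""
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == "%" and i + 1 < len(pattern):
            tokens = {"h": pw.pw_dir, "u": pw.pw_name, "%": "%"}
            out.append(tokens.get(pattern[i + 1], "%" + pattern[i + 1]))
            i += 2
        else:
            out.append(pattern[i])
            i += 1
    path = "".join(out)
    # A relative pattern is taken relative to the home directory from NSS.
    return path if os.path.isabs(path) else os.path.join(pw.pw_dir, path)


def strict_modes_problems(keyfile, pw):
    """Check owner and write bits from the key file up to the home directory."""
    problems = []
    home = os.path.realpath(pw.pw_dir)
    path = os.path.realpath(keyfile)
    while True:
        st = os.stat(path)
        if st.st_uid not in (0, pw.pw_uid):
            problems.append(f"{path}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{path}: group/world writable")
        if path == home or path == os.path.dirname(path):
            break
        path = os.path.dirname(path)
    return problems


if __name__ == "__main__":
    print(lookup_account(os.environ.get("USER", "root")))
```
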