Re: NSS+LDAP+SSH setup with /home shared across several servers
- From: Thomas Orgis <thomas.orgis [at] uni-hamburg.de>
- To: Rafael Laboissiere <rafael [at] laboissiere.net>
- Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: NSS+LDAP+SSH setup with /home shared across several servers
- Date: Thu, 7 May 2015 12:05:07 +0200
On Thu, 7 May 2015 11:08:04 +0200, Rafael Laboissiere <rafael@laboissiere.net> wrote:

> How can an SSH key-pair authentication succeed without knowing
> which is the user's home directory?

That's the beauty of the separation between NSS and the actual authentication part in PAM or via SSH keys. The NSS part gives sshd the account information like home directories via LDAP if configured as such (via nsswitch.conf). Authenticating users via LDAP would then work if the PAM module is used. If sshd does authentication itself, it still has the LDAP information via NSS.

Trust me, it works ;-) You just configured things so that

    shell$ id $some_user

works to give you information about that user account from LDAP. This part has nothing to do with PAM. You can then proceed to set up SSH keys and configure sshd to not allow password logins (make sure to disable everything except keys, as it would fall back to other enabled methods).

Also, if you want to fetch the SSH keys via LDAP, you can hook any source into OpenSSH via AuthorizedKeysCommand (`man sshd_config`).

Alrighty then,

Thomas

-- 
Dr. Thomas Orgis
Universität Hamburg
RRZ / Zentrale Dienste / HPC
Schlüterstr. 70
20146 Hamburg
Tel.: 040/42838 8826
Fax: 040/428 38 6270
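The advice above to disable everything except keys can be checked against the effective server settings. The script below is an added example, not part of the original message or of the nss-pam-ldapd project; it reads text in the `sshd -T` output format, and the sample configuration is constructed for illustration.

```shell
#!/bin/sh

# Constructed sample in the format printed by `sshd -T` (keyword value).
# On a real host, replace it with: SAMPLE_EFFECTIVE_CONFIG=$(sshd -T)
SAMPLE_EFFECTIVE_CONFIG='pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication yes
gssapiauthentication no
hostbasedauthentication no
usepam yes
authorizedkeyscommand none
authorizedkeyscommanduser none'

# Print the value of one keyword from `sshd -T` style text read on stdin.
sshd_value() {
    awk -v key="$1" 'tolower($1) == key { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Print each non-key authentication method that is still switched on.
non_key_methods_enabled() {
    for key in passwordauthentication kbdinteractiveauthentication \
               challengeresponseauthentication gssapiauthentication \
               hostbasedauthentication; do
        if [ "$(printf '%s\n' "$1" | sshd_value "$key")" = "yes" ]; then
            printf '%s\n' "$key"
        fi
    done
}

# Return 0 only if keys are the sole way in; print one line per finding.
audit_keys_only() {
    status=0
    if [ "$(printf '%s\n' "$1" | sshd_value pubkeyauthentication)" != "yes" ]; then
        echo "FAIL: pubkeyauthentication is not enabled"; status=1
    fi
    for method in $(non_key_methods_enabled "$1"); do
        echo "FAIL: $method is enabled, sshd can fall back to it"; status=1
    done
    akc=$(printf '%s\n' "$1" | sshd_value authorizedkeyscommand)
    akc_user=$(printf '%s\n' "$1" | sshd_value authorizedkeyscommanduser)
    if [ -n "$akc" ] && [ "$akc" != "none" ]; then
        case $akc_user in
            ''|none|root) echo "FAIL: run AuthorizedKeysCommand as a dedicated unprivileged user"; status=1 ;;
        esac
    fi
    return "$status"
}

audit_keys_only "$SAMPLE_EFFECTIVE_CONFIG" || echo "result: not keys-only"
```

With `usepam yes`, keyboard-interactive authentication is typically how PAM password prompts reach the client, which is why the sample fails even though `passwordauthentication` is `no`.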