Re: ssh public key auth using pam_ldap
- From: "Norman Gray" <gray [at] nxg.name>
- To: "Dana, Jason T." <Jason.Dana [at] jhuapl.edu>
- Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: ssh public key auth using pam_ldap
- Date: Tue, 28 Apr 2020 17:38:52 +0100
Jason, hello.

On 28 Apr 2020, at 17:30, Dana, Jason T. wrote:

> I am trying to configure pam and/or nslcd to query an AD/LDAP server
> when a user accesses a system via SSH using public key authentication.
> I have successfully configured nslcd to query the AD/LDAP server and
> filter on a specific group. Unfortunately it does not appear to apply
> if the user is accessing the system using public key authentication. I
> have attempted a number of different sshd pam configuration changes
> and have added a pam_authz_search entry to nslcd.conf, but
> unfortunately none appear to be getting used.

The way I've set this up is by storing the public key in the LDAP
database, and using the sshd_config AuthorizedKeysCommand to do a lookup
by username. That ignores any key in ~/.ssh/authorized_keys.

Is that what you're aiming for? I can add further details if so.

Note that that doesn't involve PAM at all (IIRC) -- it's the ssh daemon
that does the lookup and checks the key.

Best wishes,
Norman
--
Norman Gray : https://nxg.me.uk
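
An added example, not part of the message above and not Norman's own script: one way to write the helper that sshd's AuthorizedKeysCommand runs to look up a user's keys in LDAP. The server URI, base DN, `sshPublicKey` attribute, `posixAccount` filter and script path are all assumptions; the helper validates the username before it reaches the LDAP filter and prints nothing if the lookup fails.

```python
# Assumed sshd_config wiring (script path is hypothetical):
#   AuthorizedKeysCommand /usr/local/bin/ldap-authorized-keys %u
#   AuthorizedKeysCommandUser nobody
import base64
import re
import subprocess
import sys

LDAP_URI = "ldaps://ldap.example.org"    # placeholder
BASE_DN = "ou=people,dc=example,dc=org"  # placeholder
KEY_ATTR = "sshPublicKey"                # assumed attribute name (openssh-lpk schema)
SAFE_USER = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")


def build_filter(user):
    """Return an LDAP filter for one user; reject names that could alter it."""
    if not SAFE_USER.fullmatch(user):
        raise ValueError("unsafe username")
    return f"(&(objectClass=posixAccount)(uid={user}))"


def keys_from_ldif(ldif):
    """Extract KEY_ATTR values from LDIF, handling folded and base64 lines."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # RFC 2849 continuation lines
    keys = []
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.lower() != KEY_ATTR.lower():
            continue
        if value.startswith(":"):           # "attr:: <base64>"
            value = base64.b64decode(value[1:]).decode("utf-8", "replace")
        keys.extend(k.strip() for k in value.splitlines() if k.strip())
    return keys


def main(argv):
    try:
        flt = build_filter(argv[1])
    except (IndexError, ValueError):
        return 1                            # print nothing: sshd gets no keys
    cmd = ["ldapsearch", "-x", "-LLL", "-H", LDAP_URI, "-b", BASE_DN, flt, KEY_ATTR]
    out = subprocess.run(cmd, capture_output=True, text=True, timeout=10)
    if out.returncode != 0:
        return 1                            # fail closed on lookup errors
    print("\n".join(keys_from_ldif(out.stdout)))
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```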