
Re: ssh public key auth using pam_ldap




Hi Jason,

We are doing this currently; however, we only allow public key authentication, and password-based authentication is disabled. I'm not sure if you can mix and match, but this is what we went with. Here is a gist with the relevant configs and some info that may be helpful:

https://gist.github.com/danfinn/38fc588f4386724376b44db781ab0405

Dan

From: nss-pam-ldapd-users <nss-pam-ldapd-users-bounces+dfinn=plansource.com@lists.arthurdejong.org> on behalf of "Dana, Jason T." <Jason.Dana@jhuapl.edu>
Date: Tuesday, April 28, 2020 at 10:32 AM
To: "nss-pam-ldapd-users@lists.arthurdejong.org" <nss-pam-ldapd-users@lists.arthurdejong.org>
Subject: ssh public key auth using pam_ldap

 

I am trying to configure pam and/or nslcd to query an AD/LDAP server when a user accesses a system via SSH using public key authentication.

I have successfully configured nslcd to query the AD/LDAP server and filter on a specific group. Unfortunately it does not appear to apply if the user is accessing the system using public key authentication. I have attempted a number of different sshd pam configuration changes and have added a pam_authz_search entry to nslcd.conf, but unfortunately none appear to be getting used.

Is this even possible or am I going down the wrong route?

Any help would be greatly appreciated! Thank you!

Jason
