RE: ssh public key auth using pam_ldap
- From: "Dana, Jason T." <Jason.Dana [at] jhuapl.edu>
- To: Dan Finn <Dan.Finn [at] plansource.com>, "nss-pam-ldapd-users [at] lists.arthurdejong.org" <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: RE: ssh public key auth using pam_ldap
- Date: Wed, 29 Apr 2020 11:45:46 +0000
Hi Jason,

We are doing this currently; however, we only allow public key authentication, password based authentication is disabled. I’m not sure if you can mix and match but this is what we went with. Here is a gist with the relevant configs and some info that may be helpful:

https://gist.github.com/danfinn/38fc588f4386724376b44db781ab0405

Dan

Thank you very much for this! Your usage of pam_deny gave me an idea. I’m fairly new to PAM and am still wrapping my head around things. I’m on a CentOS 7 box, so I’m not sure the common-* files are read by the version of PAM we have installed. At the very least, I could not get them to be read. So, I added pam_deny.so to the top of the sshd pam.d file and worked my way up. All it took was the following to be at the top of the file:

    account sufficient pam_ldap.so
    account required pam_deny.so

If I add the pam_unix.so into the stack, it will allow users in that have added their public key to their authorized_keys. I believe this solves my issue for the most part.

Thanks again!
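
Added example, not part of the original message: a small Python model of how PAM's simple control keywords decide the account stack quoted above, showing why a key-only local account is refused by the two-line stack and admitted once pam_unix.so is present. The placement and `sufficient` flag used for pam_unix.so, the names `parse_stack` and `evaluate`, and the per-user module outcomes are assumptions constructed for illustration.

```python
# Simplified model of Linux-PAM stack evaluation for the simple control
# keywords only (no [value=action] syntax, no include/substack).

def parse_stack(text, mgmt="account"):
    """Return [(control, module)] for the given management group."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mgmt:
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, results):
    """results: module name -> True (success) or False (failure)."""
    failed = succeeded = False
    for control, module in stack:
        ok = results[module]
        if control == "sufficient":
            if ok and not failed:
                return True          # stack stops here, access granted
        elif control == "optional":
            succeeded = succeeded or ok
        elif control in ("required", "requisite"):
            if ok:
                succeeded = True
            else:
                failed = True        # final result is now a denial
                if control == "requisite":
                    return False
        else:
            raise ValueError("unsupported control: " + control)
    return succeeded and not failed

# The two lines quoted in the message.
STACK_FROM_MESSAGE = """
account sufficient pam_ldap.so
account required   pam_deny.so
"""
# Assumption: the message does not say how pam_unix.so was added;
# "sufficient" ahead of pam_deny.so is one placement with that effect.
STACK_WITH_UNIX = """
account sufficient pam_ldap.so
account sufficient pam_unix.so
account required   pam_deny.so
"""
# Constructed module outcomes; real ones depend on NSS and module options.
LDAP_USER = {"pam_ldap.so": True, "pam_unix.so": False, "pam_deny.so": False}
LOCAL_USER = {"pam_ldap.so": False, "pam_unix.so": True, "pam_deny.so": False}
```
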