>> Ok.  I have it working now.  The problem was my sshd_config wasn't setup to
>> authenticate using PAM modules.  Seems it's turned off by default (if I'm
>> reading this correctly).


> You're probably not.  PAM is always used to authenticate passwords,
> IIRC.

Even through SSH?  It wasn't working until I enabled
PAMAuthenticationViaKbdInt.  The default is off and the man page for sshd
mentions it "specifies whether PAM challenge response authentication is
allowed.  This allows the use of most PAM challenge response authentication
modules..."  Until it was enabled I was unable to use LDAP for authentication.


>> When I login now I see a message reporting it's creating the users home
>> directory however no directory is created.  If I chmod 777 /home then the
>> directory is created (obviously I don't want to do this).


> A quick search suggests that this is probably due to SSH's new privilege
> separation.  You may be able to work around the problem by turning off
> privilege separation in sshd_config.

Problem is I'm requiring it for security reasons.  Tough call.  777 to /home
or no priv separation.  I think I'll check out the PAM modules code and see
if there is a work around.


>> I wonder if setting a bind user/password would resolve the problem. 
>> Currently I connect anonymously to the LDAP server (for testing purposes
>> only)


> Binding anonymously will be slightly faster/less overhead and probably
> more secure.

More secure?  As I understand it, binding anonymously gives the world the
right to query my LDAP server.  Binding with a proxyuser/password restricts
who can query the system.  I'm not sure I understand.

Thx for all the help guys.  Hoping to roll this solution out soon.  Looking
really good.

Regards.



-- 
redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list
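A small audit helper for the three points raised in this thread (PAM keyboard-interactive auth enabled, privilege separation left on, /home not chmod 777), added here as an example and not code from the original mail; the UsePrivilegeSeparation keyword and the file paths are my assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added audit helper (not from the thread). Reads an sshd_config and a home
# directory path and reports on the settings discussed above. Paths and the
# UsePrivilegeSeparation keyword are assumptions; adjust for your host.

# Effective value of an sshd_config keyword. sshd takes the first occurrence
# and matches keywords case-insensitively; comments and blank lines are skipped.
sshd_opt() {
    awk -v key="$2" '
        /^[[:space:]]*#/ || NF == 0 { next }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# True when "other" has write permission on the directory, i.e. the
# chmod 777 /home workaround the thread rejects is in place.
other_writable() {
    perm=$(ls -ld "$1" | cut -c9)
    [ "$perm" = "w" ]
}

# Audit: returns 0 when every check passes, 1 when something needs fixing.
audit_sshd_pam() {
    cfg="$1"; home="$2"; rc=0
    kbd=$(sshd_opt "$cfg" PAMAuthenticationViaKbdInt)
    priv=$(sshd_opt "$cfg" UsePrivilegeSeparation)

    # Default is "no": an absent keyword means PAM kbd-int auth (and so LDAP) is off.
    if [ "$kbd" = "yes" ]; then echo "ok   PAMAuthenticationViaKbdInt yes"
    else echo "FAIL PAMAuthenticationViaKbdInt is '${kbd:-unset}' (PAM/LDAP auth not tried)"; rc=1; fi

    # Default is "yes": only an explicit "no" turns privilege separation off.
    if [ "$priv" = "no" ]; then echo "FAIL UsePrivilegeSeparation no (weakens sshd isolation)"; rc=1
    else echo "ok   UsePrivilegeSeparation ${priv:-yes (default)}"; fi

    if other_writable "$home"; then echo "FAIL $home is world-writable (chmod 777 workaround)"; rc=1
    else echo "ok   $home is not world-writable"; fi
    return $rc
}

# Usage: sh audit.sh /etc/ssh/sshd_config /home
if [ $# -eq 2 ]; then audit_sshd_pam "$1" "$2"; fi
```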
