On 7/31/07, Edward Reiss <[EMAIL PROTECTED]> wrote: > Greetings, > > Has anyone got ssh to authenticate to SecureID? We have to use the version > of sshd included with Solaris 9, 1.0.1, and we cannot get it to work. It
- You have make sure your sshd is pam enabled. ldd `which sshd` should have libpam in there. - man sshd_config. Depending on your sshd_config file you need enable either one of the two `UsePAM' or `PAMAuthenticationViaKBDInt' We enabled the radius daemon on our SecurID ACE server (RSA) and using pam_radius (of Freeradius) instead. If you choose that path you need to pick a radius secret key and need to add that key for your client on ACE database. Most of our servers using some flavor of ssh (openssh or sunssh or ssh) and pam_radius It basically prompts for Password: (you put your passcode here). We also have sudo with pam enabled. So there is no local password needed for users. These are files I needed to modify - /etc/raddb/server (only can access raddb dir) - /etc/pam.conf - just two extra lines; one for sshd and one for sudo - /etc/ssh/sshd_config OR /usr/local/etc/sshd_config > seems Solaris always tries to authenticate locally even after I configure It has nothing to do with Solaris. It is SSHD that you need to configure right. > pam.conf. RSA has a "work around" but they do not support even the work > around. RSA will support OpenSSH, but not the sshd included with Solaris. > The problem is not ssh difference. It is all handled by pam. Both SunSSH and OpenSSH knows how to communicate with PAM if they are compiled with pam library. > Any help would be appreciated. > > _______________________________ > > Edward Reiss <[EMAIL PROTECTED]> > Cell > 631.681.7181 > Landline > 518.533.9764 > Fax > 631.881.5545 > Quis custodiet ipsos custodes? > > _______________________________ > > > -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
