Cédric Jonas wrote:
I set up some sshd servers which authenticate their users through an
LDAP DB. To realize this, I used PAM.
Everything ok until now.
Then, via PAM (pam_filter) and the host attribute in the LDAP DB, I only
allowed logon on specific hosts for some users.
After that, I tested this last functionality: I tried to login on a
disallowed host, and it fails - so it works as expected. For this test,
I used password authentication. Later, I tried the same test with key
authentication, and could log in...
After some more investigations, it seems sshd ignores PAM when someone
tries to log in with a key... is there some way to force sshd to
consider PAM in case of key authentication?

There are some patches available for sshd that allow you to control both
the SSH keys using an LDAP database and which users can log on to the
ssh server (using both password/key based authentication I believe [I
have never personally tested with password auth as our servers are set
to key based auth only]). I can send patches against 6.1/6.2 if required.