Please don't top post. It disrupts the flow of the conversation. (See below for my response.)

--On Wednesday, March 26, 2008 4:01 PM +0100 Frank Bonnet <[EMAIL PROTECTED]> wrote:


After having spent several hours on it I can't have a working
ssh access that use PAM_LDAP on a freebsd 6/7 machine !

I have no problem on a Linux Debian etch box ...

Where are we going if Linux works better than BSD ? :-)

Setting up pam ldap ssh access on a FreeBSD box takes less than five minutes *after* installing the correct ports.

1) net/openldap-client
2) security/pam_ldap

Then configure ldap.conf (in /usr/local/etc/) which is quite simple:
host {your ldap server(s) either hostname(s) or ip(s) in a space-separate list
dc (your dn)

Then configure /etc/pam.d/sshd thus:
auth sufficient /usr/local/lib/ no_warn try_first_pass

That's all that is needed.

If it doesn't work, fire up wireshark (port) or tcpdump (base) and see what the problem is.

You needn't even bother creating local passwords for accounts. Just create the account without one, and with pam/ssh/ldap, they can login and use their assigned shell/do whatever you've authorized them to do.

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas

_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to