I don't have a SLES handy to take a look and see about the password length, but solving the key issue is simple: Edit /etc/ssh/sshd_config and change PubkeyAuthentication to no. This way nobody can log in using a key and RACF takes care of auth for you.

On 21/07/2012 16:43, "Florian Bilek" <[email protected]> wrote:
> Dear all,
>
> I have some quite difficult problems in the configuration of SLES 11 SP2
> and SSH when using LDAP (on z/VM with RACF) for user authentication.
>
> That configuration works in principle quite well. Nevertheless I have the
> following issues which I don't know how to solve:
>
> 1.) In this configuration I have now three components (RACF, LDAP and SLES)
> who can enforce password checking rules. In LDAP and RACF there are NO
> rules set yet.
> I have tried several combinations in the PAM configs but I do not succeed
> in having one common policy. I want to have a minimum length of 5
> characters but I cannot convince SLES to allow this. It always asks for
> minimum 6 characters.
>
> 2.) In principle the login via SSH is working very well. I encountered
> recently a kind of weakness in the configuration: A RACF user that uses its
> own RSA keys to log into the system. When I do a RACF revoke on that user,
> it seems that the LDAP check does not take place and the user can still log in.
> What can be done about that?
>
> Do you have any hints how those problems can be solved?
> Of course it has to do with PAM configuration but for the moment it looks
> like voodoo to me. Any help would be appreciated.
>
> Thank you very much in advance.
> --
> Best regards
>
> Florian
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> ----------------------------------------------------------------------
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
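
An added example, not part of the original thread: a small Python check that reads sshd_config text and reports whether the `PubkeyAuthentication no` change suggested in the reply actually takes effect, given that sshd keeps the first value it reads for a keyword and that `Match` blocks can re-enable key login. The sample configurations and the `backup` user are constructed, and `Include` directives are assumed not to be in use.

```python
import re

# keyword, then "=" or whitespace, then the argument (sshd_config accepts both)
DIRECTIVE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)")

def pubkey_auth_settings(config_text):
    """Return (global_value, overrides) for PubkeyAuthentication.

    overrides lists (match_criteria, value) for Match blocks that set it.
    """
    global_value = None
    overrides = []
    match = None          # criteria of the Match block being read, if any
    match_done = False    # first value inside the current block already seen
    for raw in config_text.splitlines():
        m = DIRECTIVE.fullmatch(raw.strip())
        if not m:         # blank line, comment, or keyword without argument
            continue
        keyword, arg = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            match, match_done = arg, False
            continue
        if keyword != "pubkeyauthentication" or not arg:
            continue
        value = arg.split()[0].strip('"').lower()
        if match is None:
            if global_value is None:      # sshd keeps the first value it reads
                global_value = value
        elif not match_done:
            overrides.append((match, value))
            match_done = True
    return (global_value or "yes"), overrides   # OpenSSH default is "yes"

def key_login_possible(config_text):
    """True if any connection can still authenticate with a key."""
    global_value, overrides = pubkey_auth_settings(config_text)
    return global_value != "no" or any(v != "no" for _, v in overrides)

# Constructed sample configurations (not taken from a real system).
SAMPLE_DEFAULT = "#PubkeyAuthentication yes\nUsePAM yes\n"
SAMPLE_DISABLED = "PubkeyAuthentication no\nUsePAM yes\nPubkeyAuthentication yes\n"
SAMPLE_MATCH = "PubkeyAuthentication=no\nMatch User backup\n    PubkeyAuthentication yes\n"

if __name__ == "__main__":
    for name in ("SAMPLE_DEFAULT", "SAMPLE_DISABLED", "SAMPLE_MATCH"):
        print(name, pubkey_auth_settings(globals()[name]),
              key_login_possible(globals()[name]))
```

On a live host, `sshd -T` prints the effective configuration and can be used to confirm the same result.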
