Hi Mauro,

Thank you for this hint. I hope it can be possible to check both ways and not disable the certificate logins.

Kind regards,
Florian

On Sun, Jul 22, 2012 at 3:30 AM, Mauro Souza <[email protected]> wrote:

> I don't have a SLES handy to take a look and see about the password length,
> but solving the key issue is simple:
> Edit /etc/ssh/sshd_config and change PubkeyAuthentication to no. This way
> nobody can log in using a key and RACF takes care of auth for you.
>
> On 21/07/2012 16:43, "Florian Bilek" <[email protected]> wrote:
>
> > Dear all,
> >
> > I have some quite difficult problems in the configuration of SLES 11 SP2
> > and SSH when using LDAP (on z/VM with RACF) for user authentication.
> >
> > That configuration works in principle quite well. Nevertheless I have the
> > following issues which I don't know how to solve:
> >
> > 1.) In this configuration I now have three components (RACF, LDAP and SLES)
> > that can enforce password checking rules. In LDAP and RACF there are NO
> > rules set yet.
> > I have tried several combinations in the PAM configs but I do not succeed
> > in having one common policy. I want to have a minimum length of 5
> > characters but I cannot convince SLES to allow this. It always asks for
> > a minimum of 6 characters.
> >
> > 2.) In principle the login via SSH is working very well. I recently
> > encountered a kind of weakness in the configuration: A RACF user that uses
> > its own RSA keys to log into the system. When I do a RACF revoke on that user,
> > it seems that the LDAP check does not take place and the user can still log in.
> > What can be done about that?
> >
> > Do you have any hints how those problems can be solved?
> > Of course it has to do with PAM configuration but for the moment it looks
> > like voodoo to me. Any help would be appreciated.
> >
> > Thank you very much in advance.
> >
> > --
> > Best regards
> >
> > Florian
> >
> > ----------------------------------------------------------------------
> > For LINUX-390 subscribe / signoff / archive access instructions,
> > send email to [email protected] with the message: INFO LINUX-390 or
> > visit
> > http://www.marist.edu/htbin/wlvindex?LINUX-390
> > ----------------------------------------------------------------------
> > For more information on Linux on System z, visit
> > http://wiki.linuxvm.org/

--
Best regards

Florian Bilek
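
A check one could run after making the sshd_config change described in the quoted reply, as an added example that is not part of the original thread: it reads the config text and reports whether PubkeyAuthentication is really off, applying sshd's first-value-wins rule and looking for Match blocks that turn it back on. The function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample, not taken from the thread: the commented-out line is
# ignored, the first active global value wins, and a Match block re-enables keys.
SAMPLE = """\
UsePAM yes
#PubkeyAuthentication yes
PubkeyAuthentication no
pubkeyauthentication yes
Match User backup
    PubkeyAuthentication yes
"""

def pubkey_settings(config_text):
    """Return (global_value, overrides) for PubkeyAuthentication.

    global_value is the first active value outside any Match block
    (sshd's default "yes" if none is set); overrides lists
    (match_criteria, value) for Match blocks that set the keyword.
    """
    global_value, overrides = None, []
    match = None            # criteria of the current Match block, if any
    seen_in_block = False   # only the first value inside a block counts
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # keyword and argument are separated by whitespace or "="
        m = re.match(r"(\w+)[\s=]+(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            match, seen_in_block = value, False
        elif key == "pubkeyauthentication":
            if match is None:
                if global_value is None:
                    global_value = value
            elif not seen_in_block:
                overrides.append((match, value))
                seen_in_block = True
    return (global_value or "yes"), overrides

def key_login_possible(config_text):
    """True if any section still leaves public-key authentication on."""
    global_value, overrides = pubkey_settings(config_text)
    return global_value != "no" or any(v != "no" for _, v in overrides)

if __name__ == "__main__":
    print(pubkey_settings(SAMPLE), key_login_possible(SAMPLE))
```

Any value other than a literal `no` is reported as leaving key logins possible, so the check errs on the side of flagging.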
