> Message: 15 > From: [EMAIL PROTECTED] > Reply-To: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Date: Wed, 22 May 2002 14:14:10 +1000 > Subject: [Samba] PAM/winbindd/smb_pass/pam_smb_auth/smb_ntdom to authenticate SSH > > Hello, > > I'm currently running winbind (from Samba 2.2.3a) so that our > Windows users can ssh into our Linux box. I've set up Samba, > PAM and winbind, and it's working well. Users can see their > files, and they can log in using their windows usernames. No > problem. > > When users access their Samba share, they don't need > to reauthenticate, because they've already done so with > the PDC via their Windows box. > > Is there a way to set up PAM so that authenticated Windows > users who ssh into the Linux box don't need to type a > password? (This will make using CVS much easier) >
If you get them to generate ssh-keys, and put the public key in ~/.ssh/authorized_keys on the server, then they won't need passwords. You will either: 1)Have to get ssh-agent working on windows (I haven't managed, but Putty's pageant does work, but that's not what you want for cvs) 2)Create keys without passphrases. Just check the perms on ~/.ssh, ssh is quite sticky (for good reason). Must be 700 on ~/.ssh, and 600 on ~/.ssh/* except for ~/.ssh/*public* Since we have Z: mapped as the home directory on our samba server, we set the HOME env variable on windows to Z:, which ensures that cygwin ssh uses the same .ssh as linux :-). > I have looked at winbind, pam_smb_pass, pam_smb_auth and > pam_ntdom but can't seem to find any clearcut answer to > this question. Has anyone thought of writing a pam_ntlm (or something) module that would do the same? Or should pam_winbind handle this? Buchan -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
