Hello;

I am having difficulties setting up ssh (ossh4.3p2 with PAM-enabled - NIS - Solaris8/Sparc) to authenticate and allow users passwordless entry based solely on one or more of the following:

1. User is a member of an NIS 'group', say group1, and this group has been set up within sshd_config using "AllowGroup group1".

2. User and/or host is a valid member of NIS 'netgroup', whereby the client host has been defined as being a part of netgroup named netgroup1 or the user from 'any' machine as being a part of netgroup netgroup2. In this case I am using "AllowGroup netgroup1 netgroup2".

Authentication is already set up properly for rsh, and rsh denies users based on their host and/or user, all from NIS and depending on what is contained within /etc/hosts.equiv and/or /.rhosts. What I wish to do is to duplicate this within ossh.

For instance, I have three machines.

host-A - this machine's root can log into anywhere and denies all machines not belonging to netgroup X

host-B - this machine does not belong to netgroup X and is denied access to machines in this netgroup. This machine is a member of netgroup Y and allows root logins from machines in netgroup X and Y. (X is not restricted anywhere) as well as 'netgroup' [EMAIL PROTECTED]

host-C - this machine belongs to netgroup Z, accepts connections from netgroups [EMAIL PROTECTED] [EMAIL PROTECTED] and [EMAIL PROTECTED]

I am having a lot of trouble finding information on how to get NIS netgroup to work into my sshd_config. Since I am using PAM, should my pam.conf contain some special information for ssh w/PAM? Do I need any special pam modules?

Should I create a special /etc/shosts.equiv and/or ~.shosts file/s? If so, what should I place into my sshd_config for the above?

Many thanks in advance,

.vp

