Working /etc/pam.d/sshd file with pam_ldap 6.3 or 7.0 ?
Paul Schmehl
pauls at utdallas.edu
Wed Mar 26 14:28:45 PDT 2008
Please don't top post. It disrupts the flow of the conversation. (See
below for my response.)
--On Wednesday, March 26, 2008 4:01 PM +0100 Frank Bonnet
<f.bonnet at esiee.fr> wrote:
> Hello
>
> After having spent several hours on it I can't have a working
> ssh access that use PAM_LDAP on a freebsd 6/7 machine !
>
> I have no problem on a Linux Debian etch box ...
>
> Where are we going if Linux works better than BSD ? :-)
>
Setting up pam ldap ssh access on a FreeBSD box takes less than five
minutes *after* installing the correct ports.
1) net/openldap-client
2) security/pam_ldap
Then configure ldap.conf (in /usr/local/etc/) which is quite simple:
host (your ldap server(s), either hostname(s) or ip(s), in a space-separated list)
dc (your dn)
Then configure /etc/pam.d/sshd thus:
auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
That's all that is needed.
If it doesn't work, fire up wireshark (port) or tcpdump (base) and see what
the problem is.
You needn't even bother creating local passwords for accounts. Just create
the account without one, and with pam/ssh/ldap, they can login and use
their assigned shell/do whatever you've authorized them to do.
Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
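An added example, not part of Paul's post or of the pam_ldap port: a small Python parser for a PAM service file that checks the pam_ldap auth line described above for control flag, try_first_pass, and ordering relative to the required pam_unix fallback (a sufficient module placed after a failing required one cannot rescue the stack). The sample stack is constructed, modelled on FreeBSD's stock /etc/pam.d/sshd plus the line from the post; the backslash continuation is assumed here for the wrapped line.

```python
from dataclasses import dataclass, field

@dataclass
class PamEntry:
    facility: str          # auth, account, session or password
    control: str           # required, requisite, sufficient, optional, binding
    module: str            # module path as written, absolute or bare
    args: list = field(default_factory=list)

def parse_pam(text):
    """Parse 'facility control module [args...]' lines; '#' starts a comment, trailing '\\' joins lines."""
    entries, pending = [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        fields = (pending + line).split()
        pending = ""
        if len(fields) >= 3:
            entries.append(PamEntry(fields[0].lower(), fields[1].lower(), fields[2], fields[3:]))
    return entries

def check_ldap_auth(entries):
    """Return a list of problems with the pam_ldap line in the auth stack (empty list = OK)."""
    auth = [e for e in entries if e.facility == "auth"]
    ldap = next((i for i, e in enumerate(auth) if e.module.endswith("pam_ldap.so")), None)
    unix = next((i for i, e in enumerate(auth) if e.module.endswith("pam_unix.so")), None)
    if ldap is None:
        return ["no pam_ldap.so line in the auth stack"]
    problems, e = [], auth[ldap]
    if e.control != "sufficient":
        problems.append(f"pam_ldap is '{e.control}'; 'sufficient' lets an LDAP success end the stack")
    if not {"try_first_pass", "use_first_pass"} & set(e.args):
        problems.append("pam_ldap lacks try_first_pass; the user is prompted for the password twice")
    if unix is None:
        problems.append("no pam_unix.so fallback: local accounts cannot authenticate through this service")
    elif unix < ldap:
        problems.append("pam_unix.so precedes pam_ldap.so: a required local failure is recorded before LDAP is tried")
    return problems

# Constructed sample modelled on FreeBSD's stock /etc/pam.d/sshd plus the line from the post.
SAMPLE_SSHD = """\
auth    sufficient  pam_opie.so       no_warn no_fake_prompts
auth    requisite   pam_opieaccess.so no_warn allow_local
auth    sufficient  /usr/local/lib/pam_ldap.so no_warn \\
        try_first_pass
auth    required    pam_unix.so       no_warn try_first_pass
account required    pam_unix.so
"""
```

Run `check_ldap_auth(parse_pam(open("/etc/pam.d/sshd").read()))` on a live box to get the same report for the real file.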