Working /etc/pam.d/sshd file with pam_ldap 6.3 or 7.0 ?

Paul Schmehl pauls at
Wed Mar 26 14:28:45 PDT 2008

Please don't top post.  It disrupts the flow of the conversation.  (See 
below for my response.)

--On Wednesday, March 26, 2008 4:01 PM +0100 Frank Bonnet 
<f.bonnet at> wrote:

> Hello
> After having spent several hours on it I can't have a working
> ssh access that uses PAM_LDAP on a FreeBSD 6/7 machine!
> I have no problem on a Linux Debian etch box ...
> Where are we going if Linux works better than BSD? :-)

Setting up pam ldap ssh access on a FreeBSD box takes less than five 
minutes *after* installing the correct ports.

1) net/openldap-client
2) security/pam_ldap

Then configure ldap.conf (in /usr/local/etc/) which is quite simple:
host {your ldap server(s) either hostname(s) or ip(s) in a space-separate 
dc (your dn)

Then configure /etc/pam.d/sshd thus:
auth            sufficient      /usr/local/lib/      no_warn 

That's all that is needed.

If it doesn't work, fire up wireshark (port) or tcpdump (base) and see what 
the problem is.

You needn't even bother creating local passwords for accounts.  Just create 
the account without one, and with pam/ssh/ldap, they can log in and use 
their assigned shell/do whatever you've authorized them to do.

Paul Schmehl (pauls at
Adjunct Information Security Officer
The University of Texas at Dallas
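
Added example, not part of the original message: a simplified model of PAM control-flag evaluation (required, requisite, sufficient, optional) showing why the `sufficient` pam_ldap line has to sit above the `required` pam_unix line when an account has no usable local password. The module file name pam_ldap.so, the two sample stacks and the per-module results are assumptions constructed for illustration; the module path in the message above is cut off.

```python
# Added example: simplified model of PAM auth-chain evaluation.
# Module names, sample stacks and module results are constructed.

LDAP_FIRST = """
auth  sufficient  /usr/local/lib/pam_ldap.so  no_warn
auth  required    pam_unix.so                 no_warn try_first_pass
"""
LDAP_LAST = """
auth  required    pam_unix.so                 no_warn try_first_pass
auth  sufficient  /usr/local/lib/pam_ldap.so  no_warn
"""

def parse_auth_chain(text):
    """Return [(control_flag, module_name)] for the auth lines of a pam.d file."""
    chain = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(fields) >= 3 and fields[0] == "auth":
            chain.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return chain

def evaluate(chain, results):
    """results maps module name -> True (module succeeded) or False (failed)."""
    failed = False
    for flag, module in chain:
        ok = results.get(module, False)
        if ok:
            if flag == "sufficient" and not failed:
                return True       # chain ends here, request granted
        elif flag == "required":
            failed = True         # chain keeps running, result will be denial
        elif flag == "requisite":
            return False          # chain ends here, request denied
        # a failed "sufficient" or "optional" module is ignored
    return not failed

def outcomes():
    ldap_user = {"pam_ldap.so": True, "pam_unix.so": False}    # no local password
    local_user = {"pam_ldap.so": False, "pam_unix.so": True}   # not in the directory
    bad_login = {"pam_ldap.so": False, "pam_unix.so": False}   # wrong password everywhere
    stacks = {"ldap_first": parse_auth_chain(LDAP_FIRST),
              "ldap_last": parse_auth_chain(LDAP_LAST)}
    users = {"ldap_user": ldap_user, "local_user": local_user, "bad_login": bad_login}
    return {f"{s}/{u}": evaluate(chain, res)
            for s, chain in stacks.items() for u, res in users.items()}

if __name__ == "__main__":
    for name, granted in outcomes().items():
        print(f"{name:24} {'granted' if granted else 'denied'}")
```

With pam_ldap listed after a `required` pam_unix, the directory-only user is denied even though the LDAP bind succeeded, because the earlier required failure is already recorded.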
