Date: Sun, 04 Mar 2007 16:39:29 +0000
From: Tom Judge <tom@tomjudge.com>
To: Cédric Jonas <cedric@decemplex.net>
Cc: freebsd-questions@FreeBSD.org
Subject: Re: sshd: PAM + key authentication
Message-ID: <45EAF641.2020603@tomjudge.com>
In-Reply-To: <20070303211438.4c759c33@ganymed>
References: <20070303211438.4c759c33@ganymed>

Cédric Jonas wrote:
> Hi all,
>
> I set up some sshd servers which authenticate their users through an
> LDAP DB. To realize this, I used PAM.
> Everything ok until now.
>
> Then, via PAM (pam_filter) and the host attribute in the LDAP DB, I only
> allowed logon on specific hosts for some users.
> After that, I tested this last functionality: I tried to log in on a
> disallowed host, and it fails - so it works as expected. For this test,
> I used password authentication. Later, I tried the same test with key
> authentication, and could log in...
> After some more investigations, it seems sshd ignores PAM when someone
> tries to log in with a key... is there some way to force sshd to
> consider PAM in case of key authentication?
>
> Thank you,
>

There are some patches available for sshd that allow you to control both
the SSH keys using an LDAP database and which users can log on to the
ssh server (using both password/key based authentication, I believe [I
have never personally tested with password auth as our servers are set
to key based auth only]).

I can send patches against 6.1/6.2 if required.

Tom
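
Added example, not part of the thread: sshd_config(5) documents that with `UsePAM yes`, PAM account and session processing runs for all authentication types, while the PAM auth stack is used only for password and challenge-response logins, so a host restriction has to be enforced by a module in the `account` stack to apply to key logins. The check below audits a PAM service file and an sshd_config for that; the file contents are constructed samples, and `pam_ldap` as the module name and its path are assumptions.

```python
import re

# Constructed sample files (not from the thread): LDAP is consulted in "auth" only.
SAMPLE_PAM_SSHD = """\
auth     sufficient  /usr/local/lib/pam_ldap.so  no_warn try_first_pass
auth     required    pam_unix.so                 no_warn try_first_pass
account  required    pam_nologin.so
account  required    pam_unix.so
session  required    pam_permit.so
"""
SAMPLE_SSHD_CONFIG = "UsePAM yes\nPubkeyAuthentication yes\nPasswordAuthentication no\n"

# facility, control (plain word or [bracketed]), module path
PAM_LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def pam_stacks(text):
    """Map each PAM facility (auth, account, ...) to the modules listed for it.
    'include' lines are recorded by file name but not followed."""
    stacks = {}
    for raw in text.splitlines():
        m = PAM_LINE.match(raw.split("#", 1)[0].strip())
        if m:
            stacks.setdefault(m.group(1).lower(), []).append(m.group(3))
    return stacks

def sshd_option(text, keyword, default):
    """First occurrence of a global keyword wins; keyword names are case-insensitive."""
    for raw in text.splitlines():
        parts = re.split(r"[\s=]+", raw.split("#", 1)[0].strip(), maxsplit=1)
        if parts[0].lower() == "match":
            break  # settings after a Match line are conditional, stop here
        if len(parts) == 2 and parts[0].lower() == keyword.lower():
            return parts[1].strip()
    return default

def audit(pam_text, sshd_text, module="pam_ldap"):
    """Return findings that let a key-based login skip the module's access check."""
    findings = []
    if sshd_option(sshd_text, "UsePAM", "no").lower() != "yes":
        findings.append("UsePAM is not 'yes': sshd runs no PAM account checks")
    stacks = pam_stacks(pam_text)
    if not any(module in name for name in stacks.get("account", [])):
        in_auth = any(module in name for name in stacks.get("auth", []))
        where = "only in auth" if in_auth else "absent"
        findings.append(f"{module} is {where}: not consulted for public-key logins")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PAM_SSHD, SAMPLE_SSHD_CONFIG):
        print("FINDING:", finding)
```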