[Freeipa-users] AuthorizedKeysCommand for clients using nss-pam-ldapd

Pawel Fiuto pawel.fiuto at mixrad.io
Mon Sep 14 14:01:23 UTC 2015


Hi Gustavo,

Using settings from 'ipa-advise config-redhat-sssd-before-1-9' with the modifications below seems to work quite well:

- On the IPA server, add permission to read ipaSshPubKey anonymously:

[ipa-server]# ipa permission-add 'Read ipaSshPubKey' --type=user --attrs=ipaSshPubKey --bindtype=anonymous --permissions=read

[ipa-client]# diff /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig
2c2
< services = nss, pam, ssh
---
> services = nss, pam
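Review bot: adding ssh to the services line in the 2c2 hunk only starts the SSSD ssh responder; nothing shown here makes sshd query it. sshd_config also needs an AuthorizedKeysCommand entry pointing at sss_ssh_authorizedkeys, so that change should be listed alongside this one. Since the arguments are sssd.conf then sssd.conf.orig, the "<" lines are the modified settings, which is worth stating for readers used to the opposite order.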
12c12
< ldap_search_base = cn=accounts,dc=example,dc=org
---
> ldap_search_base = cn=compat,dc=example,dc=org
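Review bot: ldap_search_base in the 12c12 hunk applies to every lookup the domain makes, so moving it from cn=compat to cn=accounts changes user and group resolution as well as key retrieval. Confirm that "id <user>" and "getent group" still return the expected memberships after this change, or consider leaving the base alone and overriding only the user search with ldap_user_search_base.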
14d13
< ldap_user_ssh_public_key = ipaSshPubKey



________________________________
From: freeipa-users-bounces at redhat.com <freeipa-users-bounces at redhat.com> on behalf of Gustavo Mateus <gustavo.mateus at gmail.com>
Sent: 11 September 2015 00:30
To: freeipa-users at redhat.com
Subject: [Freeipa-users] AuthorizedKeysCommand for clients using nss-pam-ldapd

Hi,

I'm trying to set up my Amazon Linux instances to be able to fetch the IPA users' public SSH key.

Do I have to set up a binddn and bindpw in the ldap.conf file and use /usr/libexec/openssh/ssh-ldap-wrapper, or is there a better way to do it?

Thanks,
Gustavo
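
A quick way to confirm that a client's sssd.conf carries the three changes shown in the diff in the reply above. This is an added example, not part of the original thread; the function name ssh_key_findings and both sample files are constructed for illustration, and it checks sssd.conf only, not the server-side permission or sshd_config.

```python
import configparser

# Constructed samples: minimal sssd.conf files for the two sides of the diff.
MODIFIED = """\
[sssd]
services = nss, pam, ssh
domains = default

[domain/default]
ldap_search_base = cn=accounts,dc=example,dc=org
ldap_user_ssh_public_key = ipaSshPubKey
"""
ORIGINAL = """\
[sssd]
services = nss, pam
domains = default

[domain/default]
ldap_search_base = cn=compat,dc=example,dc=org
"""

def csv(value):
    """Split a comma-separated sssd.conf value into trimmed items."""
    return [item.strip() for item in value.split(",") if item.strip()]

def ssh_key_findings(text):
    """List the settings from the diff that are absent from an sssd.conf."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    if "ssh" not in csv(cp.get("sssd", "services", fallback="")):
        findings.append("[sssd] services does not include ssh")
    for name in csv(cp.get("sssd", "domains", fallback="")):
        section = "domain/" + name
        if not cp.has_section(section):
            findings.append(f"[{section}] section is missing")
            continue
        base = cp.get(section, "ldap_search_base", fallback="")
        if base.replace(" ", "").lower().startswith("cn=compat,"):
            findings.append(f"[{section}] ldap_search_base is under cn=compat")
        key_attr = cp.get(section, "ldap_user_ssh_public_key", fallback="")
        if key_attr.lower() != "ipasshpubkey":
            findings.append(f"[{section}] ldap_user_ssh_public_key is not ipaSshPubKey")
    return findings

if __name__ == "__main__":
    for label, text in (("modified", MODIFIED), ("original", ORIGINAL)):
        print(label, ssh_key_findings(text) or "ok")
```

To check a real client, pass the contents of /etc/sssd/sssd.conf to ssh_key_findings; an empty list means all three settings are present.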