[Freeipa-users] AuthorizedKeysCommand for clients using nss-pam-ldapd
Gustavo Mateus
gustavo.mateus at gmail.com
Mon Sep 14 17:01:57 UTC 2015
I did not try that setup because the description of
config-redhat-sssd-before-1-9 says it works with version 1.5 - 1.8, and
Amazon Linux has 1.2:
    config-redhat-sssd-before-1-9 : Instructions for configuring a system
                                    with an old version of SSSD (1.5-1.8)
                                    as a IPA client. This set of
                                    instructions is targeted for platforms
                                    that include the authconfig utility,
                                    which are all Red Hat based platforms.
It is good to know that it works. I'll give it a try.
Thanks,
Gustavo
On Mon, Sep 14, 2015 at 7:01 AM, Pawel Fiuto <pawel.fiuto at mixrad.io> wrote:
> Hi Gustavo,
>
> Using settings from 'ipa-advise config-redhat-sssd-before-1-9' with below
> modifications seems to work quite well:
>
> - on ipa server add permission to read ipaSshPubKey anonymously:
>
> [ipa-server]# ipa permission-add 'Read ipaSshPubKey' --type=user --attrs=ipaSshPubKey --bindtype=anonymous --permissions=read
>
> [ipa-client]# diff /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig
> 2c2
> < services = nss, pam, ssh
> ---
> > services = nss, pam
> 12c12
> < ldap_search_base = cn=accounts,dc=example,dc=org
> ---
> > ldap_search_base = cn=compat,dc=example,dc=org
> 14d13
> < ldap_user_ssh_public_key = ipaSshPubKey
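Review bot: the argument order on the diff command line puts the modified /etc/sssd/sssd.conf first and sssd.conf.orig second, so in all three hunks the `<` lines are the settings to add and the `>` lines are the originals; that is the reverse of how a patch is usually read and is easy to invert when applying it by hand. In 12c12 the ldap_search_base change from cn=compat to cn=accounts applies to every search that falls back to this base, not only the key lookup added in 14d13, so it deserves a sentence of explanation next to the diff.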
>
>
>
> ------------------------------
> *From:* freeipa-users-bounces at redhat.com <freeipa-users-bounces at redhat.com>
> on behalf of Gustavo Mateus <gustavo.mateus at gmail.com>
> *Sent:* 11 September 2015 00:30
> *To:* freeipa-users at redhat.com
> *Subject:* [Freeipa-users] AuthorizedKeysCommand for clients using
> nss-pam-ldapd
>
> Hi,
>
> I'm trying to set up my Amazon Linux instances to be able to fetch the IPA
> users' public ssh key.
>
> Do I have to set up a binddn and bindpw in the ldap.conf file and use
> /usr/libexec/openssh/ssh-ldap-wrapper or is there a better way to do it?
>
> Thanks,
> Gustavo
>
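For the nss-pam-ldapd case in the original question, the key lookup can also be done by a small AuthorizedKeysCommand helper that relies on the anonymous read permission from the reply. The script below is an added example, not code from either poster or from FreeIPA; the server name, the ldaps:// transport and the function names are assumptions, and the search base is the one shown in the thread.

```shell
#!/bin/sh
# Added example: AuthorizedKeysCommand helper for a client without the SSSD ssh responder.
# ldaps:// is used so the returned keys cannot be altered in transit.
LDAP_URI="ldaps://ipa.example.org"           # assumed server name
LDAP_BASE="cn=accounts,dc=example,dc=org"    # search base shown in the thread

# Accept only conservative login names, so the value can go into an LDAP
# filter unescaped and can never be read as an option or a filter fragment.
valid_user() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Read unwrapped LDIF on stdin and print one public key per line.
# "attr: value" is plain text; "attr:: value" is base64-encoded.
# Values that fail to decode are skipped rather than passed to sshd.
keys_from_ldif() {
    while IFS= read -r line; do
        case "$line" in
            ipaSshPubKey::\ *)
                key=$(printf '%s' "${line#ipaSshPubKey:: }" | base64 -d 2>/dev/null) || continue
                printf '%s\n' "$key" ;;
            ipaSshPubKey:\ *)
                printf '%s\n' "${line#ipaSshPubKey: }" ;;
        esac
    done
}

# Anonymous simple bind (-x with no -D), matching the anonymous read
# permission on ipaSshPubKey; ldif-wrap=no keeps each value on one line.
fetch_keys() {
    valid_user "$1" || return 1
    ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -b "$LDAP_BASE" \
        "(&(objectClass=posixAccount)(uid=$1))" ipaSshPubKey | keys_from_ldif
}

# sshd passes the login name as the first argument.
[ $# -eq 0 ] || fetch_keys "$1"
```

In sshd_config, AuthorizedKeysCommand would point at wherever this script is installed, with AuthorizedKeysCommandUser set to an unprivileged account.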