Is it possible to store OpenSSH RSA public keys in a centrally managed LDAP database? (I'm using Sun One Directory Server 5.2.)
I have found a patch at http://ldappubkey.gcu-squad.org/ which is supposed to do this, but I would prefer using a PAM solution here because I also want Apache and Proftpd working through PAM. Using PAM I wouldn't have to configure for each application which server to use, etc.
Here is my config:
# Support for LDAP OpenSSH
sshd auth sufficient /usr/lib/security/pam_ldap.so.1
sshd account sufficient /usr/lib/security/pam_ldap.so.1
sshd password sufficient /usr/lib/security/pam_ldap.so.1
sshd password required /usr/lib/security/pam_unix.so.1
sshd auth required /usr/lib/security/pam_unix.so.1
sshd account required /usr/lib/security/pam_unix.so.1
sshd session required /usr/lib/security/pam_unix.so.1
passwd: files ldap
group: files ldap
I also noted "publickey: files" in nsswitch. Maybe this is where SSH will look for SSH keys?
What I want PAM to do is first try the local flat-file databases and, if the account does not exist there, try authentication against LDAP.
Is it possible to do this with just the pam_ldap module, or do I have to use something like the patch I posted?
I also want to make Apache and Proftpd work with PAM-ldap. Does anyone have any experience with that?
Help or pointers to other lists appreciated.
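The posted stack lists pam_ldap as "sufficient" before pam_unix as "required", so LDAP is queried before the local files, which is the opposite of the order asked for; the simulation below (added here, not part of the post, using the simplified required/requisite/sufficient/optional semantics and constructed user scenarios) shows the module order and outcome for the posted auth lines beside a files-first ordering. It models only the auth stack: PAM never supplies public keys to sshd, so storing keys in LDAP needs something like the patch mentioned rather than pam_ldap.

```python
"""Simulate how PAM control flags order the modules in an sshd auth stack."""

# Simplified control-flag semantics (required / requisite / sufficient /
# optional). Assumption: real Solaris pam.conf evaluation has extra corner
# cases (e.g. stacks containing only optional modules) that are not modelled.
def evaluate_stack(stack, outcomes):
    """Return (authenticated, modules_consulted) for one module type."""
    consulted = []
    failed = False
    for control, module in stack:
        consulted.append(module)
        ok = outcomes.get(module, False)
        if control == "sufficient":
            # success short-circuits unless an earlier required module failed
            if ok and not failed:
                return True, consulted
        elif control == "requisite":
            if not ok:
                return False, consulted  # fail immediately
        elif control == "required":
            if not ok:
                failed = True  # remember the failure but keep running
        # optional: result ignored
    return not failed, consulted

# The poster's sshd "auth" lines, as (control, module) pairs.
POSTED_AUTH = [("sufficient", "pam_ldap"), ("required", "pam_unix")]
# Reordered so local files are tried first and LDAP only if they fail.
FILES_FIRST_AUTH = [("sufficient", "pam_unix"), ("required", "pam_ldap")]

# Constructed scenarios: which backend would accept the credentials.
LOCAL_ONLY_USER = {"pam_unix": True, "pam_ldap": False}
LDAP_ONLY_USER = {"pam_unix": False, "pam_ldap": True}
BAD_PASSWORD = {"pam_unix": False, "pam_ldap": False}

def compare(outcomes):
    """Evaluate both stacks for one scenario."""
    return {"posted": evaluate_stack(POSTED_AUTH, outcomes),
            "files_first": evaluate_stack(FILES_FIRST_AUTH, outcomes)}

if __name__ == "__main__":
    scenarios = [("local-only user", LOCAL_ONLY_USER),
                 ("ldap-only user", LDAP_ONLY_USER),
                 ("bad password", BAD_PASSWORD)]
    for name, scenario in scenarios:
        for label, (ok, order) in compare(scenario).items():
            print(f"{name:16} {label:11} auth={ok!s:5} "
                  f"order={' -> '.join(order)}")
```

For a local-only account the posted stack still contacts LDAP first (and fails over to pam_unix), while the files-first stack never touches the directory.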