
OpenSSH public key on LDAP using pam_ldap

Hi all,

Is it possible to store OpenSSH RSA public keys in a centrally managed LDAP database? (I'm using Sun One Directory Server 5.2.)

I have found a patch at http://ldappubkey.gcu-squad.org/ which is supposed to do this, but I would prefer using a PAM solution here because I also want Apache and Proftpd working through PAM. Using PAM, I wouldn't have to configure in each application which server to use, etc.

Here is my config:

# Support for LDAP OpenSSH
sshd    auth    sufficient      /usr/lib/security/pam_ldap.so.1
sshd    account sufficient      /usr/lib/security/pam_ldap.so.1
sshd    password        sufficient      /usr/lib/security/pam_ldap.so.1

sshd    password        required       /usr/lib/security/pam_unix.so.1
sshd    auth    required       /usr/lib/security/pam_unix.so.1
sshd    account required       /usr/lib/security/pam_unix.so.1
sshd    session required       /usr/lib/security/pam_unix.so.1

passwd:     files ldap
group:      files ldap

I also noted "publickey:  files" in nsswitch. Maybe this is where SSH will look for SSH keys?


What I want PAM to do is first try the local flat-db-files and, if the account does not exist there, try auth on LDAP.

Is it possible to do this with just the pam_ldap module or do I have to use something like the patch I posted?

I also want to make Apache and Proftpd work with PAM-ldap. Has anyone any experience with that?

Help or pointers to other lists appreciated.



Solaris 8
Apache 1.3.x
OpenSSH 3.7.1p2
Proftpd 1.2.8
Sun One Directory Server 5.2
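
Added example, not part of the original post: a small Python model of the pam.conf stack quoted above, showing which module is consulted first for a local-only and an LDAP-only user. The required/sufficient evaluation is a simplified model of PAM's control flags, and the function names and the SAMPLE constant are made up for this example.

```python
# Added example: order and outcome of the quoted pam.conf stack (simplified model).
SAMPLE = """\
# Support for LDAP OpenSSH
sshd    auth    sufficient      /usr/lib/security/pam_ldap.so.1
sshd    account sufficient      /usr/lib/security/pam_ldap.so.1
sshd    password        sufficient      /usr/lib/security/pam_ldap.so.1

sshd    password        required       /usr/lib/security/pam_unix.so.1
sshd    auth    required       /usr/lib/security/pam_unix.so.1
sshd    account required       /usr/lib/security/pam_unix.so.1
sshd    session required       /usr/lib/security/pam_unix.so.1
"""

def parse_pam_conf(text):
    """Return {(service, type): [(control, module), ...]} in file order."""
    stacks = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank, comment-only or malformed line
        service, mtype, control, path = fields[:4]
        module = path.rsplit("/", 1)[-1].split(".so")[0]
        stacks.setdefault((service, mtype), []).append((control, module))
    return stacks

def evaluate(stack, outcomes):
    """outcomes maps module name -> bool. Returns (granted, modules consulted)."""
    consulted, required_failed, required_ok = [], False, False
    for control, module in stack:
        ok = outcomes[module]
        consulted.append(module)
        if control == "sufficient":
            if ok and not required_failed:
                return True, consulted  # stack stops at the first sufficient success
        elif control == "required":
            required_ok = required_ok or ok
            required_failed = required_failed or not ok
        else:
            raise ValueError("control flag not modelled: " + control)
    return required_ok and not required_failed, consulted

if __name__ == "__main__":
    auth = parse_pam_conf(SAMPLE)[("sshd", "auth")]
    cases = {"LDAP-only user": {"pam_ldap": True, "pam_unix": False},
             "local-only user": {"pam_ldap": False, "pam_unix": True}}
    for label, outcomes in cases.items():
        print(label, evaluate(auth, outcomes))
```

In this model pam_ldap is consulted before pam_unix for every login, because PAM walks each module type in file order; the "files ldap" order in nsswitch.conf affects name lookups, not the order of the PAM stack.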
