[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

OpenSSH public key on LDAP using pam_ldap



Hi all,

Is it possible to store OpenSSH RSA public keys into centrally managed LDAP database ? (I'm using Sun One Directory Server 5.2).

I have found a patch at http://ldappubkey.gcu-squad.org/ which is supposed to do this, but I would prefer using a PAM solution here because I also want Apache and Proftpd working through PAM. Using PAM I wouldnt have to configure each application which server to use, etc.

Here is my config:

/etc/pam.conf
# Support for LDAP OpenSSH
sshd    auth    sufficient      /usr/lib/security/pam_ldap.so.1
sshd    account sufficient      /usr/lib/security/pam_ldap.so.1
sshd    password        sufficient      /usr/lib/security/pam_ldap.so.1

sshd    password        required       /usr/lib/security/pam_unix.so.1
sshd    auth    required       /usr/lib/security/pam_unix.so.1
sshd    account required       /usr/lib/security/pam_unix.so.1
sshd    session required       /usr/lib/security/pam_unix.so.1

/etc/nsswitch.conf
passwd:     files ldap
group:      files ldap
I also noted "publickey:  files" in nsswitch. Maybe this is where SSH will look for SSH keys?

/var/ldap/ldap_client_file
NS_LDAP_SERVERS=xxx:389
NS_LDAP_SEARCH_BASEDN=dc=xxx,dc=com

What I want PAM to do is first try local flat-db-files and if not exist try auth on LDAP.

Is it possible to do this with just the pam_ldap module or do I have to use something like the patch I posted?

I also want to make Apache and Proftpd work with PAM-ldap. Has anyone any experience with that?

Help or pointers to other lists appreciated.


Cheers,

Magnus

System:
Solaris 8
Apache 1.3.x
OpenSSH 3.7.1p2
Proftpd 1.2.8
Sun One Directory Server 5.2



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]