
ssh public keys and pam

Hi all

After studying documentation and searching Google for several hours,
I'm posting this message here in the hope of finding someone able
to answer my questions.

Here's what I'm trying to do:
I would like to store my public keys centrally on an LDAP server and
redirect public key authentication with PAM to the LDAP server. I
read on


that there are some issues with the pam_ldap module and public key login,
so I decided to write my own module.
The only trouble is that, whatever I do, I can't get the key
sent by the ssh client into my PAM module. It seems as if ssh completely
ignores PAM when I log in with public keys. If I put the
authorized_keys file in place, the login succeeds without taking
notice of the PAM modules. If I remove the files, I can't get hold of
the public keys.

I read in a newsgroup article that I should use pam_listfile, but this
didn't help either.
Here's my current pam config:

sshhost pam.d # cat sshd

auth       required     /lib/security/pam_nologin.so
auth       required     /lib/security/pam_listfile.so item=user sense=allow onerr=fail file=/etc/listfile.conf
auth       required     /lib/security/pam_ldap_pkey.so
auth       sufficient   /lib/security/pam_ldap.so
auth       required     /lib/security/pam_unix.so shadow nullok

account    required     /lib/security/pam_listfile.so item=user sense=allow onerr=fail file=/etc/listfile.conf
account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_unix.so

password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_unix.so nullok use_authtok

session    required     /lib/security/pam_unix.so

If anyone has an idea help would be greatly appreciated.

Regards Daniel
