[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Re: ssh public keys and pam



On Thu, Oct 20, 2005 at 09:25:42PM +0000, Daniel Jacober wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Jason
> 
> Yes that's exactly what I would like to do.
> I would like to store the SSH public keys in an LDAP - Directory
> instead of storing them locally.
> Then I would like to authenticate against those keys. This way I could
> control access to all our servers via LDAP.
> 
> I first tried to hack pam_ldap - module but I read about issues in a
> newsgroup
> 
> http://www.opensolaris.org/jive/thread.jspa?threadID=614&tstart=15
> 
> Therefore I tried to make my own module. But I can't find a way to get
> the public key into the pam-module. All I get is the password after
> SSH pubkey authentication fails.
> 
> Any hint on this subject is greatly appreciated.
> 
> Regards Daniel

It seems that SSH can't fetch keys using PAM or LDAP. Furthermore,
SSHd don't use PAM in case if user is authentificating using 
public keys.

You must patch SSHd to fetch keys from LDAP, or write PAM module
that will communicate with ssh client and verify keys manually.
Probably, this can't be achived, because you must initiate
key exchange procedure with client.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]