Howard Tsai wrote: > On Nov 26, 2007 5:50 AM, Darren J Moffat <[EMAIL PROTECTED]> wrote: >> Howard Tsai wrote: >>> Hi, >>> >>> I installed OpenSolaris w/ Crossbow snapshot (snv_61-xb_15) on an x86 >>> machine and would like to setup LDAP to authenticate ssh logins. The LDAP >>> server is OpenLDAP on a Linux box. >>> >>> I init LDAP client with the following cmd: >>> ldapclient manual \ >>> -a defaultSearchBase=dc=some,dc=edu \ >>> -a defaultServerList=10.0.0.1 \ >>> -a serviceSearchDescriptor=passwd:ou=Users,dc=some,dc=edu \ >>> -a serviceSearchDescriptor=group:ou=Groups,dc=some,dc=edu \ >>> -a serviceAuthenticationMethod=pam_ldap:simple >>> >>> and modified pam.conf by changing "required" into "binding", adding >>> "server_policy", and adding "pam_ldap" lines. >>> >>> While I can see user info by issuing "ldaplist passwd username", users have >>> even no chance to type in passwords when logging in via ssh. What could be >>> wrong? >> Are you actually using keyboard-interactive or password SSH UserAuth >> methods ? Or do you have pubkey or gss-api (ie have kerberos tickets) >> setup ? > > Yes, I would like to login with a password (clear text password via > encrypted tunnel). We don't have kerberos infrastructure here.
Do you have pubkey setup ? ie do you have a ~/.ssh/id_rsa.pub file on the client and a ~/.ssh/authorized_keys file on the server ? What does ssh -v say you are using as the user authentication method ? -- Darren J Moffat _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
