Hello,

I'm working on a simple network with an LDAP server and some clients. I've configured host-based authentication based on pam_filter.

I'm using version 4.3p2 on server and clients with

    [...]
    ChallengeResponseAuthentication no
    UsePrivilegeSeparation yes
    RSAAuthentication yes
    PubkeyAuthentication yes
    # Change to no to disable tunnelled clear text passwords
    #PasswordAuthentication yes
    #UseLogin no
    UsePAM yes
    [...]

I can choose the hosts a unix user has access to by adding the "accessto" attribute. On every client, I have the following entry in pam_ldap.conf:

    pam_filter objectclass=posixAccount)(|(trustmodel=fullaccess) (accessto=serverhostname)

It works using ssh connections with the password mechanism, gdm or just login. But I've created a public key pair with ssh-keygen, and I can log in to all the clients ($HOME through NFS) although my user has no "accessto" attribute for these hosts.

My pam configuration:

    # /etc/pam.d/common-account - authorization settings common to all services
    account [success=1 default=ignore] pam_unix.so
    account required pam_ldap.so
    account required pam_permit.so

    # /etc/pam.d/common-auth - authentication settings common to all services
    auth [success=1 default=ignore] pam_unix.so
    auth required pam_ldap.so use_first_pass
    auth required pam_permit.so

    # /etc/pam.d/common-password - password-related modules common to all services
    password required pam_cracklib.so retry=3 minlen=6 difok=3
    password [success=1 default=ignore] pam_unix.so use_authtok md5
    password required pam_ldap.so use_first_pass use_authtok md5
    password required pam_permit.so

    # /etc/pam.d/common-session - session-related modules common to all services
    session required pam_unix.so

Is this an ssh and PAM integration configuration problem?

Thanks in advance
Enrique

--
Enrique de la Torre Gordaliza
Departamento de Arquitectura de Computadores y Automática
Desp. 220A, Facultad CC. Físicas, Univ. Complutense de Madrid
Tlfn: 91 394 4389
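Added example, not part of the original message: when sshd authenticates a user by public key it does not run the PAM auth stack, only the account and session stacks, so the posted common-account file decides access. The Python sketch below models how libpam walks the posted stacks. The per-module return values and the NO_JUMP_ACCOUNT variant are assumptions made for illustration, not output from the poster's hosts.

```python
# Added illustration: a minimal model of how libpam walks one stack.
# Module return values passed to evaluate() are assumptions, not captured output.
REQUIRED = {"success": "ok", "default": "bad"}  # simplified meaning of "required"

POSTED_ACCOUNT = """
account [success=1 default=ignore] pam_unix.so
account required pam_ldap.so
account required pam_permit.so
"""
POSTED_AUTH = """
auth [success=1 default=ignore] pam_unix.so
auth required pam_ldap.so use_first_pass
auth required pam_permit.so
"""
# Hypothetical variant for comparison: no jump, pam_ldap is always consulted.
NO_JUMP_ACCOUNT = """
account required pam_unix.so
account required pam_ldap.so
"""

def parse(stack):
    rules = []
    for line in stack.strip().splitlines():
        if "[" in line:  # bracketed control: value=action pairs
            control = dict(p.split("=") for p in line[line.index("[") + 1:line.index("]")].split())
            module = line[line.index("]") + 1:].split()[0]
        else:            # keyword control; only "required" occurs in the posted files
            module, control = line.split()[2], REQUIRED
        rules.append((module, control))
    return rules

def evaluate(stack, results):
    """Return (granted, modules_called) for the given per-module return values."""
    rules, called, granted, i = parse(stack), [], None, 0
    while i < len(rules):
        module, control = rules[i]
        called.append(module)
        action = control.get(results[module], control["default"])
        if action.isdigit():
            i += int(action)          # jump: skip the next N modules
        elif action == "ok" and granted is None:
            granted = True
        elif action == "bad":
            granted = False
        i += 1
    return granted is True, called

# Assumed returns: pam_unix resolves the user through NSS (account) but has no
# local password (auth); pam_ldap finds no entry matching pam_filter.
ACCOUNT_RESULTS = {"pam_unix.so": "success", "pam_ldap.so": "user_unknown", "pam_permit.so": "success"}
AUTH_RESULTS = {"pam_unix.so": "auth_err", "pam_ldap.so": "user_unknown", "pam_permit.so": "success"}
```

Under these assumptions the posted account stack grants access without ever calling pam_ldap.so, because success=1 on pam_unix.so jumps over it, while the auth stack used for password logins does reach pam_ldap.so and is denied by the filter.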