[ale] ssh + ldap

Jerald Sheets questy at gmail.com
Thu Mar 19 08:21:44 EDT 2009


Why not use the pam integration to LDAP through your
/etc/pam.d/system-auth and/or sshd files?  In that way, let pam manage
the communication with LDAP on behalf of SSH.

There's also some real cool features of group-based
authentication/access in /etc/security/access.conf you should look at.
It's the first time I've had opportunity to use it and is quite nice.

It seems a little redundant to not just tie pam in rather than tying  
both pam and sshd in.

Or, maybe I'm not understanding the way you're implementing.  Could  
you expand a little on that?  (I'm doing the same thing for CNN right  
now)


--j



On Mar 19, 2009, at 6:48 AM, Kenneth Ratliff wrote:

>
> On Mar 18, 2009, at 10:04 PM, Jim Kinney wrote:
>
>> cool idea: park ssh pub keys in ldap for large installation.
>>
>> http://code.google.com/p/openssh-lpk/
>
>
> Yeah this occurred to me when I was busy integrating my home network  
> with LDAP to get everything to single signon. There's just something  
> about patching OpenSSH that makes me unhappy, though.
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
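
Added example, not part of the original message: a sketch of the PAM-only layout suggested in the reply above (sshd delegating to PAM, pam_ldap in system-auth, group rules in access.conf) on a Red Hat-style system. The group names `ldap-admins` and `developers` and the address range are hypothetical, and the system-auth excerpt is trimmed to the auth and account sections.

```conf
# /etc/ssh/sshd_config: hand authentication and account checks to PAM
UsePAM yes

# /etc/pam.d/sshd: pam_access runs in the account phase, which sshd
# still executes for public-key logins (only the auth phase is skipped)
auth       include      system-auth
account    required     pam_nologin.so
account    required     pam_access.so
account    include      system-auth
password   include      system-auth
session    include      system-auth

# /etc/pam.d/system-auth (auth and account sections only): local accounts
# first, then LDAP via pam_ldap, then deny
auth       required     pam_env.so
auth       sufficient   pam_unix.so nullok try_first_pass
auth       sufficient   pam_ldap.so use_first_pass
auth       required     pam_deny.so
account    required     pam_unix.so broken_shadow
account    [default=bad success=ok user_unknown=ignore] pam_ldap.so
account    required     pam_permit.so

# /etc/security/access.conf: permission : users/groups : origins
# Rules are read top to bottom and the first match decides.
# Names in parentheses are matched as groups, not users.
# (hypothetical group names and address range)
+ : root : LOCAL
+ : (ldap-admins) : ALL
+ : (developers) : 10.0.0.0/8
- : ALL : ALL
```

Groups held in LDAP only match these rules if NSS also resolves groups from LDAP (an `ldap` source on the `group:` line of /etc/nsswitch.conf). Keep a root session open while testing, since the final `- : ALL : ALL` rule locks out anyone not matched above it.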
