From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Message-ID: <44D6D5A3.4040201@altlinux.ru> Date: Mon, 07 Aug 2006 09:54:43 +0400 From: Anton Gorlov User-Agent: Thunderbird 1.5.0.5 (Windows/20060719) MIME-Version: 1.0 To: ALT Linux sysadmin discuss Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 8bit Subject: [Sysadmins] pam_ldap &ssh X-BeenThere: sysadmins@lists.altlinux.org X-Mailman-Version: 2.1.7 Precedence: list Reply-To: ALT Linux sysadmin discuss List-Id: ALT Linux sysadmin discuss List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Aug 2006 05:54:46 -0000 Archived-At: List-Archive: Понадобилось ещё и по ssh на некоторые сервера пускать юзеров из LDAP. (тех,у кого shell !=/dev/null) поправил /etc/pam.d/ssh [root@gws auth]# cat /etc/pam.d/sshd #%PAM-1.0 auth required pam_userpass.so auth sufficient pam_ldap.so use_first_pass auth required pam_tcb.so shadow fork prefix=$2a$ count=8 nullok nodelay blank_nolog use_first_pass auth required pam_nologin.so account include system-auth password include system-auth session include system-auth Вроде всё работает...но в логах кое-что смущает: Aug 5 13:28:10 gws sshd[8413]: pam_ldap: error trying to bind as user "uid=user,ou=Users,dc=work,dc=com,dc=ru" (Invalid credentials) Aug 5 13:28:10 gws sshd[8413]: pam_tcb(sshd:auth): Authentication failed for user from (uid=0) Aug 5 13:28:13 gws sshd[8414]: Accepted password for user from 192.168.1.184 port 2440 ssh2 Aug 5 13:28:13 gws sshd[8419]: pam_tcb(sshd:session): Session opened for user by (uid=11000) Почему вначале он ругается на неправильный credentials, а потом всё Ок? np: Crematory - Believe - Caroline