Password authentication with LDAP and SSH
\ Jonas Liljenfeldt (1 Feb 2006)
. \ Geoff Crompton (1 Feb 2006)
. . \ aflorent (1 Mar 2006)
. . . \ Martijn Marsman (2 Mar 2006)
. . . . \ Nicolas François (3 Mar 2006)
. \ Sergio Talens-Oliag (1 Mar 2006)
. \ Marcos S. Trazzini (3 Mar 2006)

Subject: Password authentication with LDAP and SSH
Group: Debian-security
From: Jonas Liljenfeldt
Date: 1 Feb 2006

Hello all,

I run Debian Sarge and I have a problem with my SSH server (in
combination with password authentication and LDAP). It doesn't work
well with password authentication when I try to log in as an LDAP user,
but it works well for users in /etc/passwd. If I try to log in as an LDAP
user via SSH with keyboard-interactive as the authentication mechanism, it
works well.

In /var/log/auth.log this message appears when an LDAP user tries to
log in with password authentication:

Feb 1 06:54:28 hostname sshd[4691]: Failed password for username
from ::ffff:127.0.0.1 port 53071 ssh2

In /etc/nsswitch.conf I have:

passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files dns
networks: files
protocols: db files
services: db files
#services compat ldap
ethers: db files
rpc: db files
netgroup: nis


The SSH server is told to use PAM (UsePAM yes) and accept password
authentication (PasswordAuthentication yes). The SSH server also reports
that it accepts password authentication.

In /etc/pam.d/pam_ldap.conf I have tried some different values for
the "pam_password" parameter (like the algorithm used in LDAP for a test
user's password). Still no success. Are there any usual mistakes
for that configuration file?

I once tried to add an LDAP user in /etc/passwd and /etc/shadow too, and
then it worked. I gave the LDAP user the same password as another user
in /etc/shadow and logged in. It is of course not a nice solution to
synchronize the LDAP database with /etc/passwd and /etc/shadow though...

Any answers are appreciated.
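As an added example, not part of the original post or of any reply in the thread: a small triage script for OpenSSH auth.log lines of the kind quoted above. The symptom described (password authentication fails for a user while keyboard-interactive succeeds for the same user from the same source) produces exactly the same "Failed password" line as a wrong password or a guessing attempt, so the script separates the two patterns. It also maps the IPv4-mapped IPv6 form `::ffff:127.0.0.1`, which sshd logs for IPv4 clients when it listens on an IPv6 socket, back to plain IPv4 so sources aggregate correctly. The log lines are constructed sample data, and the function names and the failure threshold are my own assumptions.

```python
"""Triage OpenSSH auth.log lines: tell "the password path is broken for this
user" apart from "someone is guessing passwords". Added example, not from the
original post; the sample log below is constructed."""
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample auth.log excerpt. The first line mirrors the format of the
# line quoted in the post; the rest are made up for illustration.
SAMPLE_LOG = """\
Feb 1 06:54:28 hostname sshd[4691]: Failed password for username from ::ffff:127.0.0.1 port 53071 ssh2
Feb 1 06:54:35 hostname sshd[4691]: Failed password for username from ::ffff:127.0.0.1 port 53071 ssh2
Feb 1 06:55:02 hostname sshd[4702]: Accepted keyboard-interactive/pam for username from ::ffff:127.0.0.1 port 53080 ssh2
Feb 1 06:56:10 hostname sshd[4710]: Accepted password for localuser from ::ffff:127.0.0.1 port 53090 ssh2
Feb 1 07:01:44 hostname sshd[4731]: Failed password for invalid user admin from ::ffff:192.0.2.10 port 41022 ssh2
Feb 1 07:01:46 hostname sshd[4731]: Failed password for invalid user admin from ::ffff:192.0.2.10 port 41022 ssh2
Feb 1 07:01:49 hostname sshd[4733]: Failed password for root from ::ffff:192.0.2.10 port 41030 ssh2
"""

# Matches both "Accepted <method> for <user> from <src> port <n>" and
# "Failed <method> for [invalid user ]<user> from <src> port <n>".
LINE_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?P<result>Accepted|Failed) (?P<method>[\w/-]+) "
    r"for (?P<invalid>invalid user )?(?P<user>\S+) from (?P<src>\S+) "
    r"port (?P<port>\d+)"
)


def normalize_source(src):
    """Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) to the plain IPv4 address;
    leave genuine IPv6 and plain IPv4 untouched."""
    addr = ip_address(src)
    mapped = getattr(addr, "ipv4_mapped", None)  # only IPv6Address has it
    return str(mapped) if mapped is not None else str(addr)


def parse_auth_log(text):
    """Return one event dict per sshd authentication result line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # other sshd/PAM chatter is not an auth result
        events.append({
            "result": m["result"],
            # "keyboard-interactive/pam" -> "keyboard-interactive"
            "method": m["method"].split("/")[0],
            "user": m["user"],
            "invalid_user": m["invalid"] is not None,
            "src": normalize_source(m["src"]),
        })
    return events


def auth_method_mismatch(events):
    """Users who fail 'password' but succeed with some other method from the
    same source. For a real account that means the credential itself is fine
    and it is the password authentication path that is not consulting the
    right backend, which is a configuration problem, not an attack."""
    failed = defaultdict(set)    # (user, src) -> methods that failed
    accepted = defaultdict(set)  # (user, src) -> methods that succeeded
    for e in events:
        key = (e["user"], e["src"])
        (accepted if e["result"] == "Accepted" else failed)[key].add(e["method"])
    mismatches = {}
    for key, methods in failed.items():
        ok = accepted.get(key, set())
        if "password" in methods and ok and "password" not in ok:
            mismatches[key[0]] = sorted(ok)
    return mismatches


def guessing_sources(events, threshold=3):
    """Sources with at least `threshold` failures (threshold is an assumed
    value). Distinct usernames and 'invalid user' hits are reported because
    they point to guessing rather than a misconfigured backend."""
    fails = defaultdict(lambda: {"count": 0, "users": set(), "invalid": 0})
    for e in events:
        if e["result"] != "Failed":
            continue
        s = fails[e["src"]]
        s["count"] += 1
        s["users"].add(e["user"])
        s["invalid"] += int(e["invalid_user"])
    return {
        src: {"count": s["count"], "users": sorted(s["users"]), "invalid": s["invalid"]}
        for src, s in fails.items() if s["count"] >= threshold
    }


if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_LOG)
    print("password path broken for:", auth_method_mismatch(evs))
    print("likely guessing from:", guessing_sources(evs))
```

On the sample data the script reports `username` (fails password, succeeds with keyboard-interactive from the same loopback source) as a backend/configuration mismatch, while 192.0.2.10 (three failures, two against a non-existent account) is reported as a guessing source; the two local failures alone stay below the threshold.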



© 2004-2008 readlist.com