Date: Sat, 3 Mar 2007 21:14:38 +0100
From: Cédric Jonas
To: freebsd-questions@FreeBSD.org
Message-ID: <20070303211438.4c759c33@ganymed>
Subject: sshd: PAM + key authentication

Hi all,

I set up some sshd servers which authenticate their users through an LDAP DB. To realize this, I used PAM.

Everything OK until now.

Then, via PAM (pam_filter) and the host attribute in the LDAP DB, I only allowed logon on specific hosts for some users. After that, I tested this last functionality: I tried to log in on a disallowed host, and it fails - so it works as expected. For this test, I used password authentication.

Later, I tried the same test with key authentication, and could log in... After some more investigation, it seems sshd ignores PAM when someone tries to log in with a key... Is there some way to force sshd to consider PAM in case of key authentication?

Thank you,

--
Cédric Jonas
cedric@decemplex.net
GPG ID: 30CCFE8D
GPG Key: http://box.decemplex.net/~cedric/cedric.key.asc
GPG Fingerprint: CF03 E1FD 9428 1B6B E971 B107 9044 AA99 30CC FE8D
Jabber-ID: cedric@decemplex.net