Date: Sat, 3 Mar 2007 21:14:38 +0100 From: =?ISO-8859-1?Q?C=E9dric?= Jonas <cedric@decemplex.net> To: freebsd-questions@FreeBSD.org Subject: sshd: PAM + key authentication Message-ID: <20070303211438.4c759c33@ganymed>
next in thread | raw e-mail | index | archive | help
--Sig_jmSE.OAf7di9E2bQJDVK=nL Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hi all, I set up a some sshd servers which authenticates their users through a LDAP DB. To realize this, I used PAM.=20 Everything ok until now.=20 Then, via PAM (pam_filter) and the host attribute in the LDAP DB, I only allowed logon on specifical hosts for some users. After that, I tested this last functionality: I tried to login on a disallowed host, and it fails - so it works as expected. For this test, I used password authentication. Later, I tried the same test with key authentication, and could log in... After some more investigations, it seems sshd ignores PAM when someone tries to log in with a key... is there some way to force sshd to consider PAM in case of key authentication? Thanks you, --=20 C=E9dric Jonas cedric@decemplex.net GPG ID: 30CCFE8D GPG Key: http://box.decemplex.net/~cedric/cedric.key.asc GPG Fingerprint: CF03 E1FD 9428 1B6B E971 B107 9044 AA99 30CC FE8D Jabber-ID: cedric@decemplex.net --Sig_jmSE.OAf7di9E2bQJDVK=nL Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQFF6dcvkESqmTDM/o0RApBjAJwMxWVRrQ56A7XAUqlZdQuz27E7vQCfcsSu aTLgAz9Ybd4nl0pyK7G7QOo= =QF59 -----END PGP SIGNATURE----- --Sig_jmSE.OAf7di9E2bQJDVK=nL--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070303211438.4c759c33>