Date: Tue, 25 Mar 2008 10:41:43 -0400
From: "Brian A. Seklecki" <bseklecki@collaborativefusion.com>
To: Frank Bonnet <f.bonnet@esiee.fr>
Cc: freebsd-questions@freebsd.org
Subject: Re: Working /etc/pam.d/sshd file with pam_ldap 6.3 or 7.0 ?
Message-ID: <1206456103.18298.88.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com>
In-Reply-To: <47E90D72.3060909@esiee.fr>
References: <47E90D72.3060909@esiee.fr>

The problem is that the PAM libraries provide shit-fuck-ass-worthless
debug mechanisms.  This is only eclipsed by the terribly organized
information on LDAP+NSS+PAM for FreeBSD on the web.

The file is the same for pam.d/system and /usr/local/etc/pam.d/sudo.

Please put this on the OpenLDAP / PADL Wiki somewhere:

seklecki@fucksake:/home/seklecki$ more /etc/pam.d/sshd
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service
#

# auth
#auth           required        pam_nologin.so          no_warn
#auth           sufficient      pam_opie.so             no_warn no_fake_prompts
#auth           requisite       pam_opieaccess.so       no_warn allow_local
#auth           sufficient      pam_krb5.so             no_warn try_first_pass
#auth           sufficient      pam_ssh.so              no_warn try_first_pass
auth            sufficient      /usr/local/lib/pam_ldap.so
auth            required        pam_unix.so             no_warn try_first_pass

# account
#account        required        pam_krb5.so
account         required        pam_login_access.so
account         required        /usr/local/lib/pam_ldap.so ignore_authinfo_unavail ignore_unknown_user
account         required        pam_unix.so

# session
#session        optional        pam_ssh.so
session         required        pam_permit.so
session         sufficient      /usr/local/lib/pam_ldap.so no_warn try_first_pass

# password
#password       sufficient      pam_krb5.so             no_warn try_first_pass
password        required        pam_unix.so             no_warn try_first_pass
#password       required        /usr/local/lib/pam_ldap.so no_warn try_first_pass

Also try:

$ grep -i debug /usr/local/etc/ldap.conf
#debug 1
$ grep -i debug /usr/local/etc/nss_ldap.conf
#debug 1

Higher levels for fun.

~BAS

On Tue, 2008-03-25 at 15:34 +0100, Frank Bonnet wrote:
> Hello
>
> I can't get a working sshd access using pam_ldap and nss_ldap
>
> /etc/nsswitch.conf is OK
>
> but I'm having difficulties to configure pam_ldap for a ssh access
> on a machine ( 6.3 or 7.0 ) ... I have been trying a lot to configure
> the /etc/pam.d/sshd file but haven't any success (sigh!)
>
> Could anyone help?
>
> Thanks a lot !

--
Brian A. Seklecki <bseklecki@collaborativefusion.com>
Collaborative Fusion, Inc.
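
Added example (not part of the original message): a small Python model of how OpenPAM walks the active lines of the sshd file above, following the control-flag rules in FreeBSD's pam.conf(5). The module outcomes are inputs chosen by the caller, and the excerpt is re-typed from the message with the commented-out lines dropped.

```python
# Added example: evaluate a FreeBSD (OpenPAM) chain per pam.conf(5) control flags.
# Module outcomes are supplied by the caller; no PAM module is actually executed.

# Constructed excerpt: the active (uncommented) lines of the sshd file in the message.
SSHD_PAM = """\
auth     sufficient /usr/local/lib/pam_ldap.so
auth     required   pam_unix.so no_warn try_first_pass
account  required   pam_login_access.so
account  required   /usr/local/lib/pam_ldap.so ignore_authinfo_unavail ignore_unknown_user
account  required   pam_unix.so
session  required   pam_permit.so
session  sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
password required   pam_unix.so no_warn try_first_pass
"""

def parse(text):
    """Return {facility: [(control, module_basename), ...]}, skipping comments."""
    chains = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            facility, control, module = fields[:3]
            chains.setdefault(facility, []).append((control, module.rsplit("/", 1)[-1]))
    return chains

def evaluate(chain, outcomes):
    """Walk one chain; outcomes maps module name -> True (success) / False (failure).
    Returns (granted, modules_run)."""
    failed, ran = False, []
    for control, module in chain:
        ran.append(module)
        ok = outcomes[module]
        if ok and control in ("sufficient", "binding") and not failed:
            return True, ran            # chain ends early, request granted
        if not ok and control in ("required", "requisite", "binding"):
            failed = True
            if control == "requisite":
                break                   # chain ends early, request denied
        # a failed "sufficient" and any "optional" result are ignored
    return not failed, ran

if __name__ == "__main__":
    chains = parse(SSHD_PAM)
    # LDAP accepts the password: pam_unix is never consulted.
    print(evaluate(chains["auth"], {"pam_ldap.so": True, "pam_unix.so": False}))
    # LDAP rejects or is unreachable: the local password database decides.
    print(evaluate(chains["auth"], {"pam_ldap.so": False, "pam_unix.so": True}))
```

With this file a successful pam_ldap ends the auth chain at once, while every module in the account chain must pass because all three are marked required.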