On 7/31/07, Edward Reiss <ed.reiss@convdata.com> wrote:
Greetings,
Has anyone got ssh to authenticate to SecureID? We have to use the version
of sshd included with Solaris 9, 1.0.1, and we cannot get it to work. It
- You have make sure your sshd is pam enabled.
ldd `which sshd` should have libpam in there.
- man sshd_config. Depending on your sshd_config file you need enable
either one of the two `UsePAM' or `PAMAuthenticationViaKBDInt'
We enabled the radius daemon on our SecurID ACE server (RSA) and using
pam_radius (of Freeradius) instead. If you choose that path you need to
pick a radius secret key and need to add that key for your client on
ACE database.
Most of our servers using some flavor of ssh (openssh or sunssh or
ssh) and pam_radius
It basically prompts for Password: (you put your passcode here). We
also have sudo
with pam enabled. So there is no local password needed for users.
These are files I needed to modify
- /etc/raddb/server (only can access raddb dir)
- /etc/pam.conf - just two extra lines; one for sshd and one for sudo
- /etc/ssh/sshd_config OR /usr/local/etc/sshd_config
seems Solaris always tries to authenticate locally even after I configure
It has nothing to do with Solaris. It is SSHD that you need to configure right.
pam.conf. RSA has a "work around" but they do not support even the work
around. RSA will support OpenSSH, but not the sshd included with Solaris.
The problem is not ssh difference. It is all handled by pam. Both
SunSSH and OpenSSH
knows how to communicate with PAM if they are compiled with pam library.
Any help would be appreciated.
_______________________________
Edward Reiss <ed.reiss@convdata.com>
Cell
631.681.7181
Landline
518.533.9764
Fax
631.881.5545
Quis custodiet ipsos custodes?
_______________________________
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
