Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Solaris 8, PAM, LDAP

from [Jerry] Network Security [Permanent Link]
Subject: Solaris 8, PAM, LDAP
Date: Tue, 28 Sep 2004 07:18:27 -0700 (PDT) 
I'm using OpenSSH_3.9p1, with UsePAM=yes and LDAP as
my naming service.  I originally enabled UsePAM=yes to
prevent accounts with expired passwords or locked
accounts from ssh-ing via public keys.  This seems to
have worked in the past.

Now, after switching to LDAP, I'm having some trouble.
 If I set UsePAM=yes, *and* have an authorized_keys
file I will not be able to ssh into the machine.  Even
If I attempt to login w/password only it appears the
existance of the authorized_keys file stops me.  The
password prompt continually rejects the correct
password.  If I move authorized_keys out of the way, I
can login with my password. Wierd.

I've got around this by setting
PubkeyAuthentication=no temporarily as now I can login
without having to move a file in my home directory
every time.  This is obviously not desired, since I
want public key authentication.

If I set usePAM=no and PubkeyAuthentication=no, then
pw logins don't work at all.  If I set usePAM=no and
PubkeyAuthentication=yes then only key logins work.  I
can't seem to get both to work.  What am I missing?

Jerry

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Solaris 8, PAM, LDAP, Jerry <=
Previous by Date:  Re: sftp access, Darren Tucker
Next by Date:  Re: Locking down ssh config in large env, David M. Andersen
Previous by Thread:  A Banner., Alexander Krasnostavsky
Next by Thread:  Re: Using wrappers w/ssh, Bill Edison
Indexes:  [Date] [Thread] [Top] [All Lists]