RE: LDAP Auth im SSH
[...]
Habe nun die Reihenfolge auch einmal umgedreht, aber hat nichts gebracht.
Die Datei /etc/acl/ssh.acl hat natürlich richtige Syntax.
$ cat /etc/pam.d/ssh
# PAM configuration for the Secure Shell service
# Only groups listed in /etc/acl/ssh.acl are allowed to log in.
#
# NOTE(review): this access list sits in the `auth` stack. sshd does not run
# the PAM auth stack for public-key logins, so the group restriction would
# presumably not apply to them; an `account` rule is the usual place for an
# access list -- confirm against the sshd setup in use.
# NOTE(review): onerr=succeed makes pam_listfile return success when the list
# cannot be evaluated (for example the file is missing or unreadable), so the
# check fails open. With sense=allow, onerr=fail is the restrictive choice.
# NOTE(review): item=group matches on the user's group membership; for LDAP
# accounts that presumably has to be resolvable through NSS (`id <user>`
# should list the group) -- verify.
# The next two lines are a single rule; the break looks like mail wrapping.
auth required pam_listfile.so file=/etc/acl/ssh.acl item=group
sense=allow onerr=succeed
# Refuses non-root logins while /etc/nologin exists.
auth required pam_nologin.so
# Sets environment variables for the login (pam_env).
auth required pam_env.so
# Standard Un*x authentication.
@include common-auth
# Standard Un*x authorization.
@include common-account
# Standard Un*x session setup and teardown.
# NOTE(review): common-session (shown below) starts with a `sufficient`
# module; if @include inlines that file, a success there presumably ends the
# session stack before pam_motd and pam_mail are reached -- verify.
@include common-session
session optional pam_motd.so # [1]
session optional pam_mail.so standard noenv # [1]
# pam_limits is commented out, so this service file does not apply
# limits.conf resource limits.
#session required pam_limits.so
# Standard Un*x password updating.
@include common-password
$ cat /etc/pam.d/common-*
# /etc/pam.d/common-account - authorization settings common to all services
#
# NOTE(review): `sufficient` ends the account stack as soon as pam_ldap
# succeeds, so the pam_unix account checks below are skipped for LDAP users.
# use_first_pass is a password-handling option and presumably has no effect on
# an account line. `debug` makes pam_ldap log verbosely; remove it once
# troubleshooting is done.
account sufficient pam_ldap.so use_first_pass debug
account required pam_unix.so
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# NOTE(review): use_first_pass tells pam_ldap not to prompt but to reuse a
# password collected by an earlier module. None of the auth modules that
# precede this include in /etc/pam.d/ssh (pam_listfile, pam_nologin, pam_env)
# asks for one, so pam_ldap likely has no password to try and fails, leaving
# only pam_unix. The usual arrangement is pam_ldap without the option,
# followed by pam_unix with use_first_pass -- confirm in the debug log.
auth sufficient pam_ldap.so use_first_pass debug
# NOTE(review): nullok_secure lets accounts with an empty password
# authenticate in some cases (Debian-specific; presumably limited to secure
# ttys). Drop it if no account depends on it.
auth required pam_unix.so nullok_secure
#
# /etc/pam.d/common-password - password-related modules common to all services
#
password sufficient pam_ldap.so use_first_pass debug
# NOTE(review): min=4 accepts very short passwords and md5 is a legacy hash;
# prefer a stronger scheme such as sha512 where the installed pam_unix
# supports it. nullok also accepts accounts whose current password is empty.
# use_authtok makes pam_unix rely on a new password set by an earlier module;
# when pam_ldap does not handle the user, nothing before this line has set
# one, so local password changes presumably fail -- verify.
# The next two lines are a single rule; the break looks like mail wrapping.
password required pam_unix.so nullok obscure min=4 max=8 md5 shadow
use_authtok
# NOTE(review): pam_cracklib runs after pam_unix here, i.e. after the password
# has already been handled; a quality check normally comes first in the
# password stack. Its minlen=6 also disagrees with min=4 above.
password required pam_cracklib.so retry=3 minlen=6 difok=3
#
# /etc/pam.d/common-session - session-related modules common to all services
#
# NOTE(review): with `sufficient`, a pam_ldap success ends the session stack,
# so pam_unix session handling (and presumably the session lines that follow
# the include in /etc/pam.d/ssh) is skipped for LDAP users; `optional` is the
# control usually seen for pam_ldap on session lines.
session sufficient pam_ldap.so use_first_pass debug
session required pam_unix.so