
Re: ldap/libnss/ssh: (remote) login stops working after some time



On 2009-09-03 06:08, Nico Schottelius wrote:
Ron Johnson [Thu, Sep 03, 2009 at 05:39:07AM -0500]:
On 2009-09-03 05:02, Nico Schottelius wrote:
- login fails for root (who is not in ldap) and ldap users

- I cannot log in locally as root!
I thought you said you couldn't *remotely* log in as root.

It fails for *both* ways until I log in *locally* as an LDAP user.

Looks like a bug!

! It works again (i.e. ssh and local root), if I log in locally as an LDAP user.

- It takes about 30 days to occur (or different, not yet sure)
[snip]
Aug  8 22:05:01 ikr3 CRON[19505]: (pam_krb5): none: ignoring low-UID user (0 < 1001)
Does the local root login failure start only after remote root
logins fail?

Yes, afaics it's the same time (i.e. normally local root access is
possible and it also works again, after I logged in as an LDAP user).

I'd work around this issue by not allowing remote root logins.

I'm sorry, how should this fix not being able to log in via ssh at all?

$ grep Root /etc/ssh/sshd_config
PermitRootLogin no

--
Brawndo's got what plants crave.  It's got electrolytes!

