ssh public keys and pam

Stanislav Sedov stas at 310.ru
Thu Oct 20 22:07:28 UTC 2005


On Thu, Oct 20, 2005 at 09:25:42PM +0000, Daniel Jacober wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Jason
> 
> Yes that's exactly what I would like to do.
> I would like to store the SSH public keys in an LDAP directory
> instead of storing them locally.
> Then I would like to authenticate against those keys. This way I could
> control access to all our servers via LDAP.
> 
> I first tried to hack the pam_ldap module but I read about issues in a
> newsgroup
> 
> http://www.opensolaris.org/jive/thread.jspa?threadID=614&tstart=15
> 
> Therefore I tried to make my own module. But I can't find a way to get
> the public key into the pam-module. All I get is the password after
> SSH pubkey authentication fails.
> 
> Any hint on this subject is greatly appreciated.
> 
> Regards Daniel

It seems that SSH can't fetch keys using PAM or LDAP. Furthermore,
SSHd doesn't use PAM if the user is authenticating using
public keys.

You must patch SSHd to fetch keys from LDAP, or write a PAM module
that will communicate with the ssh client and verify keys manually.
Probably this can't be achieved, because you must initiate the
key exchange procedure with the client.
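As an added illustration (not code from either poster, and not part of OpenSSH or pam_ldap): whether the directory lookup lives in a patched sshd or in a separate hook, the server-side piece has to do the same work as authorized_keys handling, namely parse each stored value in authorized_keys format (options, key type, base64 blob, comment), check that the type embedded in the blob matches the declared type, fingerprint it, and compare it against the key the client actually presented. The script below does that over an in-memory dict that stands in for an LDAP sshPublicKey attribute; the key bytes are constructed (0..31), not a real key, and the DIRECTORY dict, KEY_TYPES set and function names are this example's own.

```python
import base64
import hashlib
import struct
from typing import Optional, Tuple

# Key types this example recognises (a subset of what OpenSSH accepts).
KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 length prefix)."""
    return struct.pack(">I", len(data)) + data


def _read_ssh_string(buf: bytes, offset: int = 0) -> Tuple[bytes, int]:
    """Decode one SSH wire-format string; raise ValueError if truncated."""
    if len(buf) < offset + 4:
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[offset:offset + 4])
    end = offset + 4 + n
    if end > len(buf):
        raise ValueError("truncated string body")
    return buf[offset + 4:end], end


def make_ed25519_blob(raw32: bytes) -> bytes:
    """Build an ssh-ed25519 public-key blob: type string + 32-byte key."""
    if len(raw32) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    return _ssh_string(b"ssh-ed25519") + _ssh_string(raw32)


# Constructed key material for the example: bytes 0..31, NOT a real key.
FAKE_KEY = bytes(range(32))
FAKE_BLOB = make_ed25519_blob(FAKE_KEY)
FAKE_B64 = base64.b64encode(FAKE_BLOB).decode()

# Constructed stand-in for the LDAP directory: uid -> sshPublicKey values.
DIRECTORY = {
    "daniel": [
        f"ssh-ed25519 {FAKE_B64} daniel@example.org",
        f'from="10.0.0.0/8",no-pty ssh-ed25519 {FAKE_B64} daniel-restricted',
        "ssh-rsa not*base64 broken",        # malformed: must be skipped, not crash
        f"ssh-rsa {FAKE_B64} wrong-type",   # declared type != type inside the blob
    ],
}


def _split_first_field(line: str) -> Tuple[str, str]:
    """Split off the first whitespace-delimited field, honouring double quotes
    (option values such as from="a b" may legitimately contain spaces)."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            return line[:i], line[i:].lstrip()
    return line, ""


def parse_authorized_key_line(line: str) -> Optional[Tuple[str, str, bytes, str]]:
    """Parse one authorized_keys-format line into (options, keytype, blob, comment).
    Returns None for anything malformed rather than raising, so one bad
    directory entry cannot break the lookup for the rest."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    first, rest = _split_first_field(line)
    if first in KEY_TYPES:
        options, keytype = "", first
    else:
        options = first
        keytype, rest = _split_first_field(rest)
        if keytype not in KEY_TYPES:
            return None
    b64, comment = _split_first_field(rest)
    try:
        blob = base64.b64decode(b64, validate=True)
        embedded, _ = _read_ssh_string(blob)
    except ValueError:           # binascii.Error is a ValueError subclass
        return None
    # The type inside the blob must agree with the declared type.
    if embedded.decode("ascii", "replace") != keytype:
        return None
    return options, keytype, blob, comment


def fingerprint_sha256(blob: bytes) -> str:
    """Fingerprint in the form ssh-keygen -l prints: unpadded base64 of SHA-256."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def lookup_key(uid: str, presented_blob: bytes) -> Optional[Tuple[str, str]]:
    """Return (options, comment) of the first directory entry whose key equals
    the blob the client presented, or None. Unparseable entries are skipped."""
    for value in DIRECTORY.get(uid, []):
        parsed = parse_authorized_key_line(value)
        if parsed is None:
            continue
        options, _, blob, comment = parsed
        if blob == presented_blob:
            return options, comment
    return None


if __name__ == "__main__":
    print(fingerprint_sha256(FAKE_BLOB))
    print(lookup_key("daniel", FAKE_BLOB))
```

The comparison is on the full decoded blob, not on the base64 text, so whitespace or re-encoding differences in the stored attribute do not matter, and any options returned with a match (here the from="..." restriction) are the ones the caller must enforce before granting the session.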