Re: NIS - netgroup (OpenSSH Development forum, Networking and Network Related category)

Greetings;
Yes to both, here are what my config and related system files look like, but I think that I have tried just about every variation possible, not sure about the pam.conf though.

Using the scenario below, I am able to successfully login as root from *any* host to serverA. This is true because the remote host is using a valid key that is contained within serverA's authorized_keys file.

So what I am looking to do is to precede netgroups prior to auth by authorized_keys, does this make any sense?

Thank you Tim and all!

Vadim

LDD Output On My SSHD:
----------------------
root@serverA#: /tmp=> ldd /usr/local/sbin/sshd
        libpam.so.1 => /usr/lib/libpam.so.1
        libdl.so.1 => /usr/lib/libdl.so.1
        libresolv.so.2 => /usr/lib/libresolv.so.2
        librt.so.1 => /usr/lib/librt.so.1
        libsocket.so.1 => /usr/lib/libsocket.so.1
        libnsl.so.1 => /usr/lib/libnsl.so.1
        libc.so.1 => /usr/lib/libc.so.1
        libcmd.so.1 => /usr/lib/libcmd.so.1
        libaio.so.1 => /usr/lib/libaio.so.1
        libmp.so.2 => /usr/lib/libmp.so.2
        /usr/platform/SUNW,Sun-Blade-1000/lib/libc_psr.so.1

SSHD_CONFIG On serverA:
-----------------------
HostKey /etc/ossh/ssh_host_key
HostKey /etc/ossh/ssh_host_rsa_key
HostKey /etc/ossh/ssh_host_dsa_key
PermitRootLogin yes
AllowGroups trustedusers ntadmins
AuthorizedKeysFile %h/.ssh/authorized_keys
IgnoreRhosts no
UsePAM yes
PrintMotd no
PidFile /var/run/sshd.pid
Banner /etc/ossh/banner
Subsystem sftp /usr/libexec/sftp-server

My root's .rhosts and .shosts files (They are the same on serverA):
-------------------------------------------------------------------
-@nontrustedhosts
+@trustedhosts

Hosts Within The trustedhosts netgroup (verified by doing a ypcat):
-------------------------------------------------------------------
trustedhosts (host1,-,) (host2,-,) (host3,-,)

Hosts Within The nontrustedhosts netgroup:
------------------------------------------
nontrustedhosts (hostx,-,) (hosty,-,) (hostz,-,)

My /etc/pam.conf file, the one thing that I am uncertain of:
------------------------------------------------------------
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_auth.so.1
dtlogin auth requisite pam_authtok_get.so.1
dtlogin auth required pam_dhkeys.so.1
dtlogin auth required pam_unix_auth.so.1
sshd auth requisite pam_authtok_get.so.1
sshd auth required pam_dhkeys.so.1
sshd auth sufficient pam_unix_auth.so.1
sshd account required pam_unix_account.so.1
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_auth.so.1
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_auth.so.1
login account requisite pam_roles.so.1
login account required pam_projects.so.1
login account required pam_unix_account.so.1
dtlogin account requisite pam_roles.so.1
dtlogin account required pam_projects.so.1
dtlogin account required pam_unix_account.so.1
other account requisite pam_roles.so.1
other account required pam_projects.so.1
other account required pam_unix_account.so.1
other session required pam_unix_session.so.1
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1
dtsession auth requisite pam_authtok_get.so.1
dtsession auth required pam_dhkeys.so.1
dtsession auth required pam_unix_auth.so.1
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_unix_auth.so.1
ppp auth required pam_dial_auth.so.1
ppp account requisite pam_roles.so.1
ppp account required pam_projects.so.1
ppp account required pam_unix_account.so.1
ppp session required pam_unix_session.so.1
passwd auth required pam_passwd_auth.so.1
cron account required pam_unix_account.so.1

Pertinent portion of /etc/nsswitch.conf:
----------------------------------------
netgroup: nis # I've tried also file and files nis (files by copying to local file on serverA)

>From: Tim Rice <tim@multitalents.net>
>To: Vadim Pushkin <wiskbroom@hotmail.com>
>CC: openssh-unix-dev@mindrot.org
>Subject: Re: NIS - netgroup
>Date: Tue, 25 Apr 2006 14:37:38 -0700 (PDT)
>
>On Tue, 25 Apr 2006, Vadim Pushkin wrote:
>
> > Hello;
> >
> > Sorry for the crosspost/repost, but I am getting desperate here.
> >
> > I am having difficulties setting up ssh (ossh4.3p2 - NIS -Solaris8/Sparc) to
> > authenticate and allow ossh access based on NIS netgroup. So, users and/or
> > host should be from a valid netgroup triple, contained within the ossh
> > servers .rhosts, .shosts, hosts.equiv and/or shosts.equiv.
> >
> > I am having a lot of trouble getting NIS netgroup to work with my current
> > sshd_config, and I've tried just about everything...
> >
> > My environment is pure NIS, no LDAP, at least not for the next year.
>
>I don't use NIS here, just LDAP.
>
>Did you compile openssh with PAM support?
>Do you have "UsePAM yes" in your sshd_config?
>
> >
> > Again, many thanks in advance,
> >
> > .vp
>
>--
>Tim Rice Multitalents (707) 887-1469
>tim@multitalents.net

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev
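
A model of how the two .shosts lines in the post are evaluated against its netgroup triples, as an added example that is not part of the original post and is not OpenSSH code. It is a simplified sketch of sshd's rhosts-file matching (the first matching line decides, and a negated match denies) and of innetgr(3) without nested groups or domain checks; the sample data is constructed from the listings in the post, and the function names are hypothetical.

```python
import re

# Constructed from the netgroup and .shosts listings quoted in the post.
NETGROUPS = """\
trustedhosts (host1,-,) (host2,-,) (host3,-,)
nontrustedhosts (hostx,-,) (hosty,-,) (hostz,-,)
"""
SHOSTS = "-@nontrustedhosts\n+@trustedhosts\n"
TRIPLE = re.compile(r"\(([^,()]*),([^,()]*),([^,()]*)\)")

def parse_netgroups(text):
    """Return {netgroup: [(host, user, domain), ...]} from ypcat-style lines."""
    groups = {}
    for line in text.splitlines():
        name, _, rest = line.strip().partition(" ")
        if name:
            groups[name] = [tuple(f.strip() for f in m.groups())
                            for m in TRIPLE.finditer(rest)]
    return groups

def innetgr(groups, name, host=None, user=None):
    """Simplified innetgr(3): None skips a field, '' is a wildcard, '-' matches nothing."""
    for h, u, _domain in groups.get(name, []):
        host_ok = host is None or h == "" or (h != "-" and h.lower() == host.lower())
        user_ok = user is None or u == "" or (u != "-" and u == user)
        if host_ok and user_ok:
            return True
    return False

def shosts_decision(shosts, groups, client_host, client_user, server_user):
    """True = accept, False = matched a negated line, None = no line matched."""
    for line in shosts.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#") or len(fields) > 2:
            continue
        host = fields[0]
        user = fields[1] if len(fields) == 2 else server_user  # host-only line
        negated = host[0] == "-" or user[0] == "-"
        host, user = (s[1:] if s[0] in "+-" else s for s in (host, user))
        if not host or not user:  # a bare '+' or '-' is ignored
            continue
        host_hit = (innetgr(groups, host[1:], host=client_host) if host[0] == "@"
                    else host.lower() == client_host.lower())
        user_hit = (innetgr(groups, user[1:], user=client_user) if user[0] == "@"
                    else user == client_user)
        if host_hit and user_hit:
            return not negated  # first matching line decides
    return None
```

sshd consults .rhosts and .shosts only during rhosts-style or host-based authentication, so a login that succeeds through publickey against authorized_keys never reaches this check.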