This is a discussion on Re: OpenSSH public key problem with Solaris 10 and LDAP users? within the OpenSSH Development forums, part of the Networking and Network Related category.
Peter Stuge <stuge-openssh-unix-dev@cdy.org> wrote:
> On Tue, Aug 14, 2007 at 02:29:17PM +0200, Alexander Skwar wrote:
>> | Aug 14 14:22:12 winds06 sshd[3078]: [ID 835736 auth.debug]
>> | __ns_ldap_getAcctMgmt() failed for testme with error 7
>> |
>> | ==> ./remote/winds06/auth/warning <==
>> | Aug 14 14:22:12 winds06 sshd[3078]: [ID 778364 auth.warning] libsldap:
>> | server 127.0.0.1 does not provide account information without password
>
> Maybe this is a hint.

Yep. Public Key auth is certainly auth without a password :)
But why don't I get this message, when I login with a good user?

>> | ==> ./remote/winds06/local4/debug <==
>> | Aug 14 14:22:12 winds06 slapd[24115]: [ID 925615 local4.debug] <=
>> | bdb_equality_candidates: (memberUid) index_param failed (18) Aug 14
>> | 14:22:12 winds06 slapd[24115]: [ID 925615 local4.debug] <=
>> | bdb_equality_candidates: (uid) index_param failed (18)
>
> Or this.

That's just about a missing index. Important if you're interested
in performance. And I also get this for good users.

>> "error 7"? What's that?
>
> $ qlist openldap|grep include|xargs grep ERR|grep 7
>
> gave these candidates:
>
> /usr/include/ldap.h:#define LDAP_FILTER_ERROR (-7)
> /usr/include/ldap.h:#define LDAP_URL_ERR_BADATTRS 0x07 /* bad (or
> missing) attributes */
> /usr/include/ldap_schema.h:#define LDAP_SCHERR_BADDESC 7

Thanks.

>> Anyway. Still looks like PAM / LDAP issue.
>
> Yes, it is. With a strange coincidence with SSH.
>> But what I don't get is, why I *am* able to login as some users
>> with a pubkey. Any ideas about why that might be?
>
> Something is different in the LDAP data stored for the users,
> probably because of how they were created. I hope you can find what
> it is.

That's the thing - I cannot... :( I copied the new user, using
the data from a working user. I also tried to create a new user
"from scratch". Having a look at the LDIF exports, I cannot see
any differences.

Anyway. Probably really a LDAP thing. Sadly we're using Solaris
and not Linux - in Solaris, everything is just soo much more
complicated... Oh, well.

Alexander Skwar
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev