This is a discussion on Re: [SOLVED] Re: OpenSSH public key problem with Solaris 10 and LDAP within the OpenSSH Development forums, part of the Networking and Network Related category.
Alexander Skwar wrote:
> Douglas E. Engert <deengert@anl.gov> wrote:
>> Alexander Skwar wrote:
>>> Douglas E. Engert <deengert@anl.gov> wrote:
>
>>>> the getpw.c program I sent yesterday should return (assuming the
>>>> username is not also in the local /etc/passwd file):
>>>> username:x:...
>>>> username:crypted-password:...
>>> Ah!
>>>
>>> --($:~/Source/pamtest)-- sudo ./getpw askwar
>>> STDC = __STDC__
>>> askwar:x:10001:10:Alexander
>>> Skwar,alexander.skwar@Exampleauto.com:/export/home/askwar:/opt/csw/bin/bash
>>> askwar:cd9--------psA:13503:-1:-1-1:-1:-1:0
>>>
>>> --($:~/Source/pamtest)-- sudo ./getpw testing
>>> STDC = __STDC__
>>> testing:x:54321:10:Alexander
>>> Skwar,alexander.skwar@Exampleauto.com:/export/home/testing:/opt/csw/bin/bash
>>> testing:*NP*:-1:-1:-1-1:-1:-1:0
>>>
>>> *NP* for testing? Why's that? Why's there a difference?
>>
>> This could be the problem. NP is used for OK to login if you can
>> authenticate some other way. *NP* may be considered locked,
>> as * is not a valid crypt character.
>>
>> Try using ldapmodify to change the password to {crypt}NP
>>
>> See if you can get the phpLdapAdmin to add NP rather than *NP*
>> Or set some valid password.
>
> Uhm - I DO have a valid password for the "testing" user. And
> as soon as I remove "askwar" from /etc/shadow, I also get *NP* (no
> password, I guess?) when I run getpw. Is that not the way you
> expect it to be?

No, I expect it to be NP not *NP*.

We use SSH with GSSAPI and the LDAP accounts use {crypt}NP
This works on Linux, Solaris 10 using the Solaris sshd, and
older Solaris systems using OpenSSH sshd.

The OpenSSH 4.5 src/sshd.0 talks about using locked accounts
and NP or *NP*.

The OpenSolaris source for pam says it can use *NP*:
http://cvs.opensolaris.org/source/xr...b/pam_modules/

But many of the Sun blogs talk about NP. So OpenSolaris may
have added *NP* as well. NP works for us from LDAP.

>
> Alexander Skwar
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@mindrot.org
> https://lists.mindrot.org/mailman/li...enssh-unix-dev
>
>

--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
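The distinction the reply draws between NP and *NP*, as an added example that is not part of the original message and is not the getpw.c mentioned in the thread: a small C tool that reads the shadow entry through the name service switch and classifies its password field. The function names and the accepted character set are assumptions of this sketch, and it does not reproduce the check any particular sshd or PAM module performs.

```c
/* Added example (not the getpw.c from the thread): classify the password
 * field of a shadow entry as seen through the name service switch. */
#include <shadow.h>
#include <stdio.h>
#include <string.h>

enum pw_kind { PW_EMPTY, PW_NP, PW_NOT_CRYPT, PW_HASH };

/* Assumption: characters a crypt(3) result may contain, i.e. the
 * [./0-9A-Za-z] alphabet plus the '$' separator of modular formats. */
static const char CRYPT_CHARS[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz$";

enum pw_kind classify_pw_field(const char *field)
{
    if (field == NULL || field[0] == '\0')
        return PW_EMPTY;                    /* no value at all */
    if (strcmp(field, "NP") == 0)
        return PW_NP;                       /* the value the reply recommends */
    if (field[strspn(field, CRYPT_CHARS)] != '\0')
        return PW_NOT_CRYPT;                /* e.g. "*NP*": '*' can never match */
    return PW_HASH;                         /* looks like a crypt(3) result */
}

const char *describe(enum pw_kind k)
{
    switch (k) {
    case PW_EMPTY:     return "empty field";
    case PW_NP:        return "NP: no password, other authentication expected";
    case PW_NOT_CRYPT: return "not a crypt string: may be considered locked";
    default:           return "crypt hash";
    }
}

/* Usage: ./pwkind user...   (run as root so getspnam() can read entries) */
int main(int argc, char **argv)
{
    int i, rc = 0;
    for (i = 1; i < argc; i++) {
        struct spwd *sp = getspnam(argv[i]);
        if (sp == NULL) {
            fprintf(stderr, "%s: no shadow entry visible\n", argv[i]);
            rc = 1;
            continue;
        }
        printf("%s: %s\n", argv[i], describe(classify_pw_field(sp->sp_pwdp)));
    }
    return rc;
}
```

Run against both an LDAP-only account and one that also exists in the local files to see which source supplies the field, as in the getpw runs quoted above.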