I have a question or two; when you say this is fixed in the current
Solaris Express, do you mean the fix exists in pam_ldap or in Solaris
SSH? And if pam_ldap, would I be able to get the pam_ldap library from
Solaris Express and just plunk it into my Solaris 10 /usr/lib/security
directory and voila?
Thanks for the tips,
erich
Darren J Moffat wrote:
Erich Weiler wrote:
Hi Serge,
Regarding the post at:
https://www.opensolaris.org/jive/thread.jspa?messageID=15536
Do you know if Sun has come out with an updated pam_ldap that allows
folks to log in using ssh public keys? I noticed that, according to
this thread, Sun engineers were working on it back in October of 2005,
I figured since it's now 9 months later maybe it was finished? Just
wondering, because this problem is the only thing holding our Solaris
LDAP rollout back.
The bug is fixed in current Solaris Express releases. For Solaris 10
use this workaround:
# cat >> /etc/pam.conf <<EOM
ssh-pubkey account requisite pam_roles.so.1
ssh-pubkey account required pam_unix_account.so.1
EOM
Note that there is no server_policy entry on the pam_unix_account line.
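One way to audit a pam.conf for the workaround quoted above, as an added example that is not part of the original thread. The function name `check_ssh_pubkey_pam` and its return codes are assumptions of this example; it checks that both `ssh-pubkey account` lines exist and that the `pam_unix_account` line carries no `server_policy` option.

```shell
#!/bin/sh
# Added example (not from the thread): audit a pam.conf-style file for the
# ssh-pubkey workaround.
# pam.conf fields: service  module_type  control_flag  module_path  [options]

# check_ssh_pubkey_pam FILE   (hypothetical helper name)
#   returns 0  both workaround lines present, no server_policy on pam_unix_account
#   returns 1  one or both "ssh-pubkey account" lines are missing
#   returns 2  pam_unix_account line for ssh-pubkey carries server_policy
check_ssh_pubkey_pam() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }          # skip comments and short lines
        $1 == "ssh-pubkey" && $2 == "account" {
            n = split($4, p, "/")              # tolerate a full module path
            mod = p[n]
            if (mod ~ /^pam_roles\.so/) roles = 1
            if (mod ~ /^pam_unix_account\.so/) {
                unix = 1
                for (i = 5; i <= NF; i++)      # options follow the module path
                    if ($i == "server_policy") bad = 1
            }
        }
        END {
            if (!unix || !roles) exit 1
            if (bad) exit 2
            exit 0
        }
    ' "$1"
}

# Constructed sample input: the two workaround lines from the thread.
sample=$(mktemp)
cat > "$sample" <<'EOM'
# constructed pam.conf fragment
ssh-pubkey account requisite pam_roles.so.1
ssh-pubkey account required pam_unix_account.so.1
EOM
check_ssh_pubkey_pam "$sample"
echo "status for sample: $?"
rm -f "$sample"
```

On a real host the argument would be `/etc/pam.conf`; a nonzero status means the file does not match the workaround as posted.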