[Bug 2378] Allow login to a role using Hostbased auth on platforms supporting PAM_AUSER
bugzilla-daemon at mindrot.org
Mon Apr 13 23:20:49 AEST 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2378
--- Comment #2 from Tomas Kuthan <tomas.kuthan at oracle.com> ---
Steps to reproduce/test
----
On the server:
echo 'HostBasedAuthentication yes' >>/etc/ssh/sshd_config
echo 'IgnoreRhosts no' >>/etc/ssh/sshd_config
svcadm restart ssh
roleadd -m testrole
useradd -m -R testrole testuser
cat >/etc/pam.d/sshd-hostbased <<EOF
auth definitive pam_user_policy.so.1
auth requisite pam_authtok_get.so.1
auth required pam_dhkeys.so.1
auth required pam_unix_auth.so.1
auth required pam_unix_cred.so.1
account requisite pam_roles.so.1 allow_remote debug
account definitive pam_user_policy.so.1
account required pam_unix_account.so.1
account required pam_tsol_account.so.1
session definitive pam_user_policy.so.1
session required pam_unix_session.so.1
@ password definitive pam_user_policy.so.1
@ password include pam_authtok_common
@ password required pam_authtok_store.so.1
EOF
su - testrole
echo '192.168.0.1 testuser' >.shosts
ssh testuser@192.168.0.1 # to populate known_hosts
^D
On the client:
echo 'EnableSSHKeysign yes' >>/etc/ssh/ssh_config
useradd -m testuser
su - testuser
ssh testrole@serverb.tkuthan.oracle.com