Should sshd be fixed to handle NIS+ keylogin

Tim McGarry tim at mcgarry.ch
Tue Jan 15 10:14:52 EST 2002


----- Original Message -----
From: "Darren J Moffat" <Darren.Moffat at Sun.COM>
To: "Tim McGarry" <tim at mcgarry.ch>
Cc: <openssh-unix-dev at shitei.mindrot.org>
Sent: Tuesday, January 15, 2002 12:01 AM
Subject: Re: Should sshd be fixed to handle NIS+ keylogin


> > then sshd doesn't do the keylogin, therefore, no home directory (dh
Secured
> > NFS). and resticted access to the NIS+ maps.
> >
> > Should sshd be fixed to handle the keylogin. (Obviously this could only
work
> > with password auth)
>
>
> keylogin is handled by pam_unix on Solaris and since sshd always calls
> pam_setcred if it was built with PAM support this should just work.

It re-check why it doesn't work in my case (Solaris 2.6/OpenSSH 3.0.2p1
built --with-pam)  -Anyone got any ideas what may be wrong?
>
>
> If you want AUTH_DH secured NFS then you can't use publickey
> authenticatio with sshd since you need to supply your secure rpc key
> (which is usually the same as your login password).

Obviously the clients can't use ~/.ssh/authorized_keys if ~ is on secure NFS
(well not the first time/but once the keyserver has the key subsequent
connections work)
This is not a problem, since OpenSSH started allowing the authorized_keys
file location to be defined, Its simple to use another location
eg /etc/authorized_keys/%u.

The keylogin is important for interactive sessions, because I really want my
home-directory, RSA logins are often just batch jobs so getting the creds is
(in my case) not so important.
>
> --
> Darren J Moffat
>




More information about the openssh-unix-dev mailing list