LDAP issues with 3.8.1p1
Vincent Danen
vdanen at linsec.ca
Sat Jun 12 04:44:31 EST 2004
On Jun 11, 2004, at 11:03 AM, Steve Belt (rgpg70) wrote:
> I have recently compiled and installed release 3.8.1p1. This was done
> on a Solaris 8 system using LDAP as its naming service. The new
> release, however, will not let me log in (as a regular user). I
> repeatedly get "Permission denied, please try again" messages. The
> root user, though, can log in okay. The same thing happened with the
> 3.7.1p2 release. The 3.6.1p1 release (which is currently running on
> the machine) works okay, however. All were compiled in the same
> manner (--prefix=/opt/openssh as the only arg).
>
> So, it seems something changed between the 3.6.1p1 release and the
> 3.7.1p2 release with regards to LDAP that affects user authentication.
> I was in hopes this would be "corrected" with the 3.8.1p1 release, but
> it seems it has not. Both the 3.7.1p2 and 3.8.1p1 releases, however,
> work fine on machines using NIS as the naming service. It would
> appear, then, that openssh is having trouble with the LDAP name
> service and user authentication. The root user is allowed access
> probably due to the fact that its account info is local to the machine
> (/etc/passwd), and is not obtained through the name service.
>
> Any help/info on running the current release of openssh with LDAP
> would be greatly appreciated.

You have to enable UsePAM. I'm assuming you're using pam_ldap and
nss_ldap for your authentication. This has been discussed previously
on the list.

Setting UsePAM yes should do the trick for you.

--
OpenSLS - Secure Linux Server: http://opensls.org/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
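
A check for the setting named in the reply above, added here as an example (it is not part of the original message or of OpenSSH): it reads an sshd_config and reports the UsePAM value sshd would take, relying on sshd using the first value it finds for a keyword. The function name `effective_usepam` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# effective_usepam FILE  (hypothetical helper name, not an OpenSSH tool)
# Prints the UsePAM argument sshd would use from FILE, or "unset" when
# the keyword is absent and sshd falls back to its compiled-in default.
effective_usepam() {
    awk '
        # Skip blank lines and comments, so "#UsePAM yes" does not count.
        /^[ \t]*(#|$)/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)
            # Keywords are case-insensitive; the first occurrence wins.
            if (tolower(f[1]) == "usepam" && n >= 2) {
                print f[2]
                found = 1
                exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Constructed sample configuration, written to a temporary file.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
# constructed sample, not from the original post
Port 22
#UsePAM no
usepam yes
UsePAM no
EOF
effective_usepam "$demo_cfg"
rm -f "$demo_cfg"
```

Run it against the sshd_config the installed daemon actually reads; a result of `unset` or `no` matches the situation the reply describes.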
More information about the openssh-unix-dev
mailing list