OpenSSH public key problem with Solaris 10 and LDAP users?

Peter Stuge stuge-openssh-unix-dev at cdy.org
Tue Aug 14 23:17:27 EST 2007


On Tue, Aug 14, 2007 at 02:29:17PM +0200, Alexander Skwar wrote:
> | Aug 14 14:22:12 winds06 sshd[3078]: [ID 835736 auth.debug] __ns_ldap_getAcctMgmt() failed for testme with error 7
> | 
> | ==> ./remote/winds06/auth/warning <==
> | Aug 14 14:22:12 winds06 sshd[3078]: [ID 778364 auth.warning] libsldap: server 127.0.0.1 does not provide account information without password

Maybe this is a hint.


> | ==> ./remote/winds06/local4/debug <==
> | Aug 14 14:22:12 winds06 slapd[24115]: [ID 925615 local4.debug] <= bdb_equality_candidates: (memberUid) index_param failed (18)
> | Aug 14 14:22:12 winds06 slapd[24115]: [ID 925615 local4.debug] <= bdb_equality_candidates: (uid) index_param failed (18)

Or this.


> "error 7"? What's that?

$ qlist openldap|grep include|xargs grep ERR|grep 7

gave these candidates:

/usr/include/ldap.h:#define LDAP_FILTER_ERROR (-7)
/usr/include/ldap.h:#define LDAP_URL_ERR_BADATTRS 0x07 /* bad (or
missing) attributes */
/usr/include/ldap_schema.h:#define LDAP_SCHERR_BADDESC 7


> Anyway. Still looks like PAM / LDAP issue.

Yes, it is.


> But what I don't get is, why I *am* able to login as some users
> with a pubkey. Any ideas about why that might be?

Something is different in the LDAP data stored for the users,
probably because of how they were created. I hope you can find what
it is.


//Peter


More information about the openssh-unix-dev mailing list