OpenSSH public key problem with Solaris 10 and LDAP users?
Peter Stuge
stuge-openssh-unix-dev at cdy.org
Tue Aug 14 23:17:27 EST 2007
On Tue, Aug 14, 2007 at 02:29:17PM +0200, Alexander Skwar wrote:
> | Aug 14 14:22:12 winds06 sshd[3078]: [ID 835736 auth.debug] __ns_ldap_getAcctMgmt() failed for testme with error 7
> |
> | ==> ./remote/winds06/auth/warning <==
> | Aug 14 14:22:12 winds06 sshd[3078]: [ID 778364 auth.warning] libsldap: server 127.0.0.1 does not provide account information without password
Maybe this is a hint.
> | ==> ./remote/winds06/local4/debug <==
> | Aug 14 14:22:12 winds06 slapd[24115]: [ID 925615 local4.debug] <= bdb_equality_candidates: (memberUid) index_param failed (18)
> | Aug 14 14:22:12 winds06 slapd[24115]: [ID 925615 local4.debug] <= bdb_equality_candidates: (uid) index_param failed (18)
Or this.
> "error 7"? What's that?
$ qlist openldap|grep include|xargs grep ERR|grep 7
gave these candidates:
/usr/include/ldap.h:#define LDAP_FILTER_ERROR (-7)
/usr/include/ldap.h:#define LDAP_URL_ERR_BADATTRS 0x07 /* bad (or
missing) attributes */
/usr/include/ldap_schema.h:#define LDAP_SCHERR_BADDESC 7
> Anyway. Still looks like PAM / LDAP issue.
Yes, it is.
> But what I don't get is, why I *am* able to login as some users
> with a pubkey. Any ideas about why that might be?
Something is different in the LDAP data stored for the users,
probably because of how they were created. I hope you can find what
it is.
//Peter
More information about the openssh-unix-dev
mailing list