[SOLVED] Re: OpenSSH public key problem with Solaris 10 and LDAP users?

Douglas E. Engert deengert at anl.gov
Fri Aug 17 01:45:40 EST 2007



Alexander Skwar wrote:
> Douglas E. Engert <deengert at anl.gov> wrote:
> 

> 
>> the getpw.c program I sent yesterday should return (assuming the username
>> is not also in the local /etc/passwd file):
>> username:x:...
>> username:crypted-password:...
> 
> Ah!
> 
> --($:~/Source/pamtest)-- sudo ./getpw askwar 
> STDC = __STDC__
> askwar:x:10001:10:Alexander Skwar,alexander.skwar at Exampleauto.com:/export/home/askwar:/opt/csw/bin/bash
> askwar:cd9--------psA:13503:-1:-1-1:-1:-1:0
> 
> --($:~/Source/pamtest)-- sudo ./getpw testing 
> STDC = __STDC__
> testing:x:54321:10:Alexander Skwar,alexander.skwar at Exampleauto.com:/export/home/testing:/opt/csw/bin/bash
> testing:*NP*:-1:-1:-1-1:-1:-1:0
> 
> *NP* for testing? Why's that? Why's there a difference?


This could be the problem. NP is used for OK to login if you can
authenticate some other way. *NP* may be considered locked,
as * is not a valid crypt character.

Try using ldapmodify to change the password to {crypt}NP

See if you can get the phpLdapAdmin to add NP rather than *NP*
Or set some valid password.



> 
> Hmm....
> 
> --($:~/Source/pamtest)-- sudo grep test /etc/shadow
> 
> --($:~/Source/pamtest)-- sudo grep askwar /etc/shadow
> askwar:cd,,,,,,QkpsA:13503::::::
> 
> Ah. askwar is in shadow. 
> 
> Now I removed askwar from /etc/shadow. And, lo and behold, I'm no longer
> able to do a password-less login to the system. Great! Just the way it
> is documented! Excellent! Also good to see, that it really didn't have
> anything to do with LDAP. :)
> 
> Now I just got to curse at Sun for requiring a password. I guess I need
> to have a look at lpk, OpenSSH LDAP Public Key.
> 
> Douglas, and others, thanks a million for bearing with me and helping
> me to finally find the difference! I very much appreciate it!
> 
> Alexander Skwar

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
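
The point made in the reply above, that `*NP*` contains a character no crypt string can contain while `NP` is a distinct marker, can be checked mechanically when auditing shadow-style entries. The following is an added example, not part of the original message and not the getpw.c discussed in the thread. The function names, the class names and the `alice`, `bob` and `carol` lines are constructed; the alphabet is an assumption (traditional crypt characters plus `$`), so parameters such as `rounds=` are not recognised.

```c
#include <stdio.h>
#include <string.h>

enum pw_class { PW_MALFORMED, PW_EMPTY, PW_NP, PW_NOT_CRYPT, PW_CRYPT_LIKE };

/* Assumption: traditional crypt alphabet, plus '$' as used by modular formats. */
static const char CRYPT_CHARS[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz$";

/* Copy the second colon-separated field of `line` into `out`; -1 on error. */
static int pw_field(const char *line, char *out, size_t outlen)
{
    const char *p = strchr(line, ':');
    size_t n;

    if (p == NULL)
        return -1;
    p++;
    n = strcspn(p, ":\n");
    if (n >= outlen)
        return -1;
    memcpy(out, p, n);
    out[n] = '\0';
    return 0;
}

/* Hypothetical helper: classify the password field of one shadow-style line. */
enum pw_class classify_shadow_line(const char *line)
{
    char pw[256];

    if (pw_field(line, pw, sizeof(pw)) != 0)
        return PW_MALFORMED;
    if (pw[0] == '\0')
        return PW_EMPTY;        /* field present but empty */
    if (strcmp(pw, "NP") == 0)
        return PW_NP;           /* the marker the reply suggests setting */
    if (pw[strspn(pw, CRYPT_CHARS)] != '\0')
        return PW_NOT_CRYPT;    /* e.g. "*NP*": '*' is outside the alphabet */
    return PW_CRYPT_LIKE;
}

int main(void)
{
    /* First line is the getpw output quoted in the thread; the rest are constructed. */
    const char *samples[] = { "testing:*NP*:-1:-1:-1-1:-1:-1:0", "bob:NP:13503::::::",
                              "alice:abJnggxhB/yWI:13503::::::", "carol::13503::::::" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%d  %s\n", (int)classify_shadow_line(samples[i]), samples[i]);
    return 0;
}
```
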