[SOLVED] Re: OpenSSH public key problem with Solaris 10 and LDAP users?

Alexander Skwar listen at alexander.skwar.name
Fri Aug 17 05:40:17 EST 2007


· Douglas E. Engert <deengert at anl.gov>:

> 
> 
> Alexander Skwar wrote:
>> Douglas E. Engert <deengert at anl.gov> wrote:
>>> Alexander Skwar wrote:
>>>> Douglas E. Engert <deengert at anl.gov> wrote:
>> 
>>>>> the getpw.c program I sent yesterday should return (assuming the
>>>>> username is not also in the local /etc/passwd file):
>>>>> username:x:...
>>>>> username:crypted-password:...
>>>> Ah!
>>>>
>>>> --($:~/Source/pamtest)-- sudo ./getpw askwar
>>>> STDC = __STDC__
>>>> askwar:x:10001:10:Alexander
>>>> Skwar,alexander.skwar at Exampleauto.com:/export/home/askwar:/opt/csw/bin/bash
>>>> askwar:cd9--------psA:13503:-1:-1-1:-1:-1:0
>>>>
>>>> --($:~/Source/pamtest)-- sudo ./getpw testing
>>>> STDC = __STDC__
>>>> testing:x:54321:10:Alexander
>>>> Skwar,alexander.skwar at Exampleauto.com:/export/home/testing:/opt/csw/bin/bash
>>>> testing:*NP*:-1:-1:-1-1:-1:-1:0
>>>>
>>>> *NP* for testing? Why's that? Why's there a difference?
>>>
>>> This could be the problem. NP is used for OK to login if you can
>>> authenticate some other way. *NP* may be considered locked,
>>> as * is not a valid crypt character.
>>>
>>> Try using ldapmodify to change the password to {crypt}NP
>>>
>>> See if you can get phpLdapAdmin to add NP rather than *NP*
>>> Or set some valid password.
>> 
>> Uhm - I DO have a valid password for the "testing" user. And
>> as soon as I remove "askwar" from /etc/shadow, I also get *NP* (no
>> password, I guess?) when I run getpw. Is that not the way you
>> expect it to be?
> 
> No, I expect it to be NP not *NP*.
> 
> We use SSH with GSSAPI and the LDAP accounts use {crypt}NP
> This works on Linux, Solaris 10 using the Solaris sshd, and older
> Solaris systems using OpenSSH sshd.

Hm. Interesting. I don't know what to do to get it to display
{crypt}NP or {crypt}*NP*. pam is configured exactly as the
Sun documentation has it. Could you be so kind and send
your /etc/pam.conf from your S10 machine?

Thanks,

Alexander Skwar
-- 
Plastic...  Aluminum...  These are the inheritors of the Universe!
Flesh and Blood have had their day... and that day is past!
                -- Green Lantern Comics
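
The lookup discussed in this thread, as an added example (this is not the getpw.c program mentioned above and not code from either poster): it fetches the passwd and shadow entries through the name service and classifies the shadow password field by character set, following the point quoted above that `*` is not a valid crypt character. The enum names, the label strings and the acceptance of `$` for modular crypt formats are assumptions of this example.

```c
/* Added example: classify what getspnam() returns for a user. */
#include <pwd.h>
#include <shadow.h>
#include <stdio.h>
#include <string.h>

enum pwfield { PW_EMPTY, PW_NP, PW_NOT_CRYPT, PW_CRYPT_LIKE };
const char *const pwfield_names[] = {
    "empty", "NP", "not crypt output", "crypt-like"
};

/* Classify a shadow password field by its characters only.
 * Traditional crypt(3) output uses [A-Za-z0-9./]; '$' is accepted too
 * (assumption) so modular formats such as $1$... count as crypt-like. */
enum pwfield classify_pwfield(const char *f)
{
    static const char ok[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./$";
    if (f == NULL || *f == '\0')
        return PW_EMPTY;
    if (strcmp(f, "NP") == 0)
        return PW_NP;              /* the value expected in the thread */
    if (strspn(f, ok) != strlen(f))
        return PW_NOT_CRYPT;       /* e.g. "*NP*": no hash can equal it */
    return PW_CRYPT_LIKE;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s username\n", argv[0]);
        return 2;
    }
    struct passwd *pw = getpwnam(argv[1]);
    if (pw == NULL) {
        fprintf(stderr, "%s: no passwd entry\n", argv[1]);
        return 1;
    }
    printf("passwd: %s uid=%ld gid=%ld\n", pw->pw_name,
           (long)pw->pw_uid, (long)pw->pw_gid);
    struct spwd *sp = getspnam(argv[1]);  /* usually needs root */
    if (sp == NULL) {
        fprintf(stderr, "%s: no shadow entry (or no privilege)\n", argv[1]);
        return 1;
    }
    enum pwfield c = classify_pwfield(sp->sp_pwdp);
    /* Never echo a real hash; show the field only when it is a marker. */
    printf("shadow field: %s (%s)\n",
           c == PW_CRYPT_LIKE ? "<withheld>" : sp->sp_pwdp, pwfield_names[c]);
    return 0;
}
```

Run it as root for one user with the name also present in the local files and once without, to compare what each source returns.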




More information about the openssh-unix-dev mailing list