On Fri, 26.03.2004 at 16:05, Izak Burger wrote:
> I'm no expert on Jsch, but it looks a LOT like your ldap setup has a
> problem. But I could be wrong. Does it work with other ssh clients?

yes, openssh and putty work excellent. login is no problem in
interactive mode. maybe there is the problem, since jsch does not send
the username/password in interactive mode, but with

> Usually when you setup pam_ldap, you don't make shadow available. this
> way, pam_unix will fail for ldap users (because you have no shadow
> entry) and it falls through to ldap (depending on how your ldap setup
> works, mine is setup to try pam_unix first). Or to be more specific,
> nsswitch.conf contains:
> passwd: files ldap
> group: files ldap
> shadow: files
> /etc/pam.d/ssh contains:
> auth required pam_nologin.so
> auth required
> auth sufficient
> auth sufficient use_first_pass
> auth required
> account sufficient
> account sufficient
> account required
> password sufficient
> password sufficient use_authtok
> password required
> session required
> session optional
> session optional # [1]
> session optional standard noenv # [1]
> session required
> Now when an ldap user logs in, you will not be able to get shadow info
> for the user (ldap isn't even consulted, only /etc/shadow is consulted).
> This makes pam_unix fail, but since pam_unix is not required (merely
> sufficient), it will try pam_ldap, which should return PAM_SUCCESS and
> allow access.
> I think the error message you're reporting shows you that pam_unix
> correctly identifies that the user has no shadow entry, but the problem
> is probably with pam_ldap.

i am using the same setup, except that it is based on pam.d/system-auth.

> Just my 2 South African Cents...

thank you,
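
The fall-through described in the quoted reply, as an added example that is not part of the original thread: a simplified Python model of how Linux-PAM evaluates the `required`, `requisite`, `sufficient` and `optional` control flags. The stack it uses is an assumption (the module names in the quoted /etc/pam.d/ssh did not survive), and `run_stack` and `attempt` are hypothetical helper names.

```python
# Added illustration: simplified model of Linux-PAM control flags.
# ASSUMED_AUTH_STACK is an assumption, not the poster's real /etc/pam.d/ssh.
ASSUMED_AUTH_STACK = [
    ("required",   "pam_nologin.so"),
    ("required",   "pam_env.so"),
    ("sufficient", "pam_unix.so"),
    ("sufficient", "pam_ldap.so"),
    ("required",   "pam_deny.so"),   # always fails: the final backstop
]

def run_stack(stack, results):
    """Return (granted, modules_invoked) for one facility stack.

    results maps module name -> True (PAM_SUCCESS) or False (any error).
    """
    failed = False       # an earlier 'required' module failed
    succeeded = False    # some module contributed a success
    invoked = []
    for control, module in stack:
        ok = results[module]
        invoked.append(module)
        if control == "requisite" and not ok:
            return False, invoked            # fail immediately
        if control == "sufficient":
            if ok and not failed:
                return True, invoked         # success ends the stack here
            continue                         # failure is ignored
        if control == "required" and not ok:
            failed = True                    # remembered, stack keeps running
        elif ok:
            succeeded = True                 # required/requisite/optional success
        # a failing optional module changes nothing
    return succeeded and not failed, invoked

def attempt(unix_ok, ldap_ok):
    """Run the assumed stack for one login (constructed module results)."""
    results = {"pam_nologin.so": True, "pam_env.so": True,
               "pam_unix.so": unix_ok, "pam_ldap.so": ldap_ok,
               "pam_deny.so": False}
    return run_stack(ASSUMED_AUTH_STACK, results)

if __name__ == "__main__":
    for label, args in [("local user", (True, False)),
                        ("LDAP user", (False, True)),
                        ("LDAP user, pam_ldap failing", (False, False))]:
        granted, invoked = attempt(*args)
        print(f"{label}: granted={granted}, last module={invoked[-1]}")
```

In the third case the trace reaches `pam_deny.so`, which is the situation the reply points at: pam_unix failing for an LDAP user is expected, and the login is refused only because pam_ldap also fails.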
