LinuxQuestions.org

Linux - Security: ssh local account / ldap account (https://www.linuxquestions.org/questions/linux-security-4/ssh-local-account-ldap-account-791267/)

Poil 02-24-2010 09:57 AM

ssh local account / ldap account
 
Hi,
Here is my problem:

Today:
- LDAP accounts are allowed to connect via SSH
- Local accounts are not allowed to connect via SSH
LDAP accounts are allowed by "/etc/pam/sshd":
Code:

auth      required    pam_listfile.so item=group sense=allow file=/etc/security/allowed-groups onerr=succeed
I would like to:
- Permit LDAP accounts to connect via SSH with a public key or a password
- Permit local accounts to connect via SSH with a public key, but deny password authentication

There are some options in sshd_config like PubkeyAuthentication and PasswordAuthentication, but these options seem to apply to all accounts.

Is there any way to do this?
If possible, I don't want to put all my local users in the same "global local group".

Best regards,

never say never 02-24-2010 01:55 PM

The only way I can think of to accomplish what you want is to run multiple ssh daemons. That of course means you will have to select a port other than port 22 for one of them.

chrism01 02-24-2010 06:26 PM

If you can separate them into 2 groups, I think the sshd_config Match option http://www.openbsd.org/cgi-bin/man.c...nfig&sektion=5 will do the trick.
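As an added example (not code from the thread, from chrism01, or from OpenSSH itself): the kind of sshd_config fragment the Match suggestion leads to, embedded in a small Python model of how sshd resolves Match Group blocks. The global defaults allow public keys and deny passwords; a single Match block hands passwords back to the LDAP group only, so local users need no group of their own. The group name ldapusers, the user-to-group table and the file layout are assumptions; the resolver models only the User and Group criteria and the rule that, per keyword, the first matching Match block wins over the global value.

```python
"""Resolve effective sshd authentication options per user from an
sshd_config with Match Group blocks. Added example; the config text,
group name 'ldapusers' and user table below are constructed assumptions."""
from fnmatch import fnmatchcase

# Constructed sshd_config fragment (assumption: LDAP accounts belong to the
# group 'ldapusers', e.g. one of the groups in /etc/security/allowed-groups).
SSHD_CONFIG = """
# Global defaults: everybody may use a public key, nobody may use a password.
PubkeyAuthentication yes
PasswordAuthentication no

# Re-enable passwords only for LDAP accounts (needs OpenSSH >= 4.4 for Match).
Match Group ldapusers
    PasswordAuthentication yes
"""

# Constructed user -> groups table standing in for NSS/getent (assumption).
USER_GROUPS = {
    "alice": {"ldapusers", "users"},  # LDAP account
    "bob":   {"bob", "wheel"},        # local account, no special group
}

METHOD_KEYWORDS = {"pubkeyauthentication": "publickey",
                   "passwordauthentication": "password"}


def parse_sshd_config(text):
    """Return (global_options, [(criteria, options), ...]).
    Keywords are lower-cased as sshd does; comments and blanks are dropped.
    Within one section the first occurrence of a keyword wins, as in sshd."""
    global_opts, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        keyword, _, value = line.partition(" ")
        keyword, value = keyword.lower(), value.strip()
        if keyword == "match":
            tokens = value.split()
            criteria = {} if value.lower() == "all" else {
                crit.lower(): pats for crit, pats in zip(tokens[0::2], tokens[1::2])}
            current = {}
            blocks.append((criteria, current))
            continue
        target = global_opts if current is None else current
        target.setdefault(keyword, value)
    return global_opts, blocks


def criteria_match(criteria, user, groups):
    """All criteria of a Match line must hold; each is a comma-separated
    pattern list, matched with sshd-style * and ? wildcards."""
    for criterion, pattern_list in criteria.items():
        patterns = pattern_list.split(",")
        if criterion == "user":
            if not any(fnmatchcase(user, p) for p in patterns):
                return False
        elif criterion == "group":
            if not any(fnmatchcase(g, p) for g in groups for p in patterns):
                return False
        else:
            raise ValueError("unsupported Match criterion in this model: " + criterion)
    return True


def effective_options(global_opts, blocks, user, groups):
    """Start from the global values; the first matching Match block that sets
    a keyword overrides it, and later matching blocks cannot change it again."""
    result, seen = dict(global_opts), set()
    for criteria, opts in blocks:
        if not criteria_match(criteria, user, groups):
            continue
        for keyword, value in opts.items():
            if keyword not in seen:
                result[keyword] = value
                seen.add(keyword)
    return result


def allowed_auth_methods(user, config_text=SSHD_CONFIG, user_groups=USER_GROUPS):
    """Set of SSH auth methods the config leaves enabled for `user`
    (both keywords default to 'yes' when unset, as in sshd)."""
    global_opts, blocks = parse_sshd_config(config_text)
    opts = effective_options(global_opts, blocks, user, user_groups.get(user, set()))
    return {name for kw, name in METHOD_KEYWORDS.items() if opts.get(kw, "yes") == "yes"}


if __name__ == "__main__":
    for u in ("alice", "bob"):
        print(u, sorted(allowed_auth_methods(u)))
```

The model ignores everything sshd does at connection time besides Match resolution (PAM, AllowGroups, key lookup), so treat it as a way to reason about a config before deploying it, not as a substitute for testing against the real daemon.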

Poil 02-25-2010 04:44 AM

That is exactly what I want, but the Match option is in OpenSSH >= 4.4.
I'm using RHEL 5.4, which has 4.3 ... :(

chrism01 02-25-2010 09:43 PM

You might want to check that; RH backports changes, so the version number doesn't change, but the release number does.
Quote:

Software as Packages
• package-version-release.arch.rpm
• version - upstream developer version
• release - packager modifies (fixes/backports documented in “changelog”)
• arch - processor architecture of binaries

Poil 02-26-2010 01:04 AM

This functionality isn't backported :(

https://bugzilla.redhat.com/show_bug.cgi?id=529918
