Login: Check LDAP Before SSH Key
How can I configure PAM (or SSHD) to check and see if the user has a valid LDAP account before accepting their SSH public key for login?
I have issues where, when employees are removed from LDAP, they can still log in because they have a public key. I would prefer to have the system check LDAP first so I don't have to focus on removing these keys from 100s of boxes first.
In the meantime I'll write a script to hit each server and remove the key, but this is still hard to manage as servers come and go...
Thanks!