From: Jeff Allen (allen@cs.dal.ca)
Date: Tue Aug 29 2006 - 08:35:03 EDT
As it turned out this is an issue with OpenSSH 4.3p1. There is a
patch avilable at: http://www.zip.com.au/~dtucker/openssh/4.3p1-
configure.patch
Did a make distclean, applied the patch, and rebuilt with no problems.
Thanks to Francois Bousquet who replied suggesting I use the native
Solaris pam_ldap. We're using Apple's Open Directory and I'm not
brave enough to go about patching and recompiling the slapd included
with that.
Original Post:
> I have just set up a PAM enabled OpenSSH daemon to allow
> authentication against an OpenLDAP server. Authentication is working
> fine but when I run the last command SSH logins do not have a
> terminal or host name listed and the login date is "Wed Dec 31
> 20:00". A log out time isn't recorded when logging out and last
> reports "still logged in". Finger reports all the correct information
> so it seems to be getting name service info properly. Does last and
> wtmpx not use the OS name service stuff? Has anyone seen this before?
>
> Background:
> Solaris 8 kernel 117350-28
> OpenLDAP client 2.3.27
> LDAP patch 108993-49 (similar behavior experienced with revision 60)
> OpenSSH 4.3p1 / OpenSSL 0.9.7f
> PAM LDAP module 1.80
> NSS LDAP module 2.52
> nscd has been restarted, but ldap_cachemgr is not running, I have
> read it is not recommended with OpenLDAP, only with Sun's directory
> server.
-- Jeff Allen Systems Administrator Faculty of Computer Science Dalhousie University Halifax NS Canada http://www.cs.dal.ca/ _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:40:41 EDT