Bug 102322 - Unable to ssh to box with LDAP authentication enabled via PAM
Product: Red Hat Linux
Classification: Retired
Component: openssh
All Linux
medium Severity medium
Assigned To: Nalin Dahyabhai
Reported: 2003-08-13 16:14 EDT by Keith Sharp
Modified: 2007-04-18 12:56 EDT (History)
Doc Type: Bug Fix
Last Closed: 2004-04-15 14:56:14 EDT
Description Keith Sharp 2003-08-13 16:14:38 EDT
Description of problem:

The default config of sshd means that if you enable LDAP Authentication using
authconfig you cannot connect using ssh, but you can login at the console or by
telnet.  The default sshd_config file should be changed to allow ssh logins
to be authenticated (via PAM) against an LDAP directory.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Set up LDAP directory with user objects etc
2. Run authconfig to configure PAM and NSS to use LDAP
3. Try to ssh to system using userid stored in LDAP
4. Unable to login
Actual results:

Unable to login.

Expected results:

Should be able to login.

Additional info:

I found the fix after some help on the shrike mailing list, my original question:


and the successful answer:

Comment 1 Shahms E. King 2004-04-15 12:30:14 EDT
That "fix" is not necessary.  The real fix, I suspect, was that you
restarted ssh after making the changes to the config file.
Comment 2 Nalin Dahyabhai 2004-04-15 14:56:14 EDT
Agreed.  When you enable LDAP in authconfig, /etc/nsswitch.conf has
"ldap" added to the list of sources for passwd and group information,
among other things.  This file is only read once by any given process.
Because sshd forks to handle each new connection, new connections
don't "notice" changes to the file unless you restart the listening
daemon.  Marking worksforme.
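
The condition described in Comment 2 can be checked directly: a daemon that started before /etc/nsswitch.conf was last modified is still using the old source list. The script below is an added example, not part of the original bug report or of openssh; the function names and the PROC_ROOT variable are assumptions of this example, and it expects a Linux /proc layout and a `stat` that supports `-c %Y`.

```shell
#!/bin/sh
# Added example: flag processes that started before a config file was last
# modified, i.e. that still hold the old NSS source list in memory.
# PROC_ROOT is an assumption of this example so the check can be pointed at
# a constructed /proc tree; on a live Linux host it defaults to /proc.
PROC_ROOT=${PROC_ROOT:-/proc}

# Clock ticks per second, used to convert starttime to seconds.
clk_tck() { getconf CLK_TCK 2>/dev/null || echo 100; }

# Print the start time of PID as seconds since the epoch.
proc_start_epoch() {
    pid=$1
    [ -r "$PROC_ROOT/$pid/stat" ] || return 1
    btime=$(awk '$1 == "btime" { print $2 }' "$PROC_ROOT/stat")
    # Drop "pid (comm) ". comm may contain spaces or ')', so cut at the
    # last ") " on the line (sed's .* is greedy).
    rest=$(sed 's/^.*) //' "$PROC_ROOT/$pid/stat")
    # starttime is field 22 of the full line, so field 20 of the remainder.
    ticks=$(printf '%s\n' "$rest" | awk '{ print $20 }')
    echo $(( btime + ticks / $(clk_tck) ))
}

# Print every PID from the argument list that started before CONFIG changed.
# PIDs that no longer exist are skipped.
stale_pids() {
    config=$1; shift
    mtime=$(stat -c %Y "$config") || return 1
    for pid in "$@"; do
        start=$(proc_start_epoch "$pid") || continue
        [ "$start" -lt "$mtime" ] && echo "$pid"
    done
    return 0
}

# Live use on Linux:
#   stale_pids /etc/nsswitch.conf $(pgrep -x sshd)
```

Any PID printed for the listening sshd means the daemon predates the last change to the file and needs a restart before new connections will see the "ldap" source.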
