Description of problem:
The default config of sshd means that if you enable LDAP Authentication using authconfig you cannot connect using ssh, but you can login at the console or by telnet. The default sshd_config file should be changed to allow ssh logins to be authenticated (via PAM) against an LDAP directory.

Version-Release number of selected component (if applicable):
openssh-3.5p1-6.9

How reproducible:
Always

Steps to Reproduce:
1. Set up LDAP directory with user objects etc.
2. Run authconfig to configure PAM and NSS to use LDAP
3. Try to ssh to system using userid stored in LDAP
4. Unable to login

Actual results:
Unable to login.

Expected results:
Should be able to login.

Additional info:
I found the fix after some help on the shrike mailing list, my original question:
http://www.redhat.com/archives/shrike-list/2003-August/msg00457.html
and the successful answer:
http://www.redhat.com/archives/shrike-list/2003-August/msg00474.html
That "fix" is not necessary. The real fix, I suspect, was that you restarted ssh after making the changes to the config file.
Agreed. When you enable LDAP in authconfig, /etc/nsswitch.conf has "ldap" added to the list of sources for passwd and group information, among other things. This file is only read once by any given process. Because sshd forks to handle each new connection, new connections don't "notice" changes to the file unless you restart the listening daemon. Marking worksforme.
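
The restart condition described in the last comment can be checked before anyone touches sshd_config: compare the start time of the listening daemon with the modification time of /etc/nsswitch.conf. The script below is an added example, not part of the original report or of OpenSSH; the function names are hypothetical. It assumes Linux with GNU `stat`, and procps `ps` and `pgrep`.

```shell
#!/bin/sh
# Added example: report whether a listening daemon predates the last change
# to an NSS config file and therefore still runs with the old settings.
# Assumptions: GNU stat (-c %Y), procps ps (etimes) and pgrep (-o, -x).

# Modification time of a file in seconds since the epoch.
file_mtime() {
    stat -c %Y "$1"
}

# Start time of a PID in epoch seconds: current time minus elapsed seconds.
proc_start() {
    elapsed=$(ps -o etimes= -p "$1" | tr -d ' ')
    [ -n "$elapsed" ] || return 1
    echo $(( $(date +%s) - elapsed ))
}

# is_stale START_EPOCH FILE
# Succeeds when the process started at or before the file's last change.
# Timestamps have one-second resolution, so a tie is treated as stale.
is_stale() {
    [ "$1" -le "$(file_mtime "$2")" ]
}

# check_daemon NAME [FILE]
# Looks only at the oldest process with that name, i.e. the listener that
# forks the per-connection children.
check_daemon() {
    name=$1
    file=${2:-/etc/nsswitch.conf}
    pid=$(pgrep -o -x "$name") || { echo "$name is not running"; return 2; }
    start=$(proc_start "$pid") || return 2
    if is_stale "$start" "$file"; then
        echo "$name (pid $pid) predates the last change to $file: restart it"
        return 1
    fi
    echo "$name (pid $pid) started after the last change to $file"
}

# Example invocation: ./check.sh sshd /etc/nsswitch.conf
if [ "$#" -gt 0 ]; then
    check_daemon "$@"
fi
```

A non-zero exit status from `check_daemon` makes the script usable as a post-step in whatever automation runs authconfig.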