Bug 191338 - Authconfig does not set sshd_config to use PAM for LDAP lookups
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openssh
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Tomas Mraz
QA Contact: Brian Brock
Reported: 2006-05-10 18:06 EDT by Nick Drouet
Modified: 2007-11-30 17:07 EST (History)
Doc Type: Bug Fix
Last Closed: 2006-05-11 07:37:36 EDT
Description Nick Drouet 2006-05-10 18:06:22 EDT
Description of problem:

I have Red Hat ES 4 configured to use OpenLDAP for authentication of POSIX
users. This is performed using the authconfig tool (using LDAP for User
Information and Authentication).

Authconfig configures nss_ldap and ldap.conf correctly - LDAP users appear when
using getent passwd or similar. I can also su to an LDAP account with no
problems. However it is not possible to SSH using an LDAP account.

After some digging it appears that authconfig is not setting the parameter 

UsePAM = yes

in /etc/ssh/sshd_config. This parameter is not actually commented out - adding
it manually and reloading sshd allows for LDAP-based logins.

Version-Release number of selected component (if applicable):


How reproducible:

Every time.

Steps to Reproduce:
1. Run authconfig to configure LDAP authentication
2. Attempt to log in with SSH account.

Actual results:

Login fails (permission denied)

Expected results:

Login should succeed

Additional info:

Comment 1 Tomas Mraz 2006-05-11 07:37:36 EDT
I'm sorry but the 'UsePAM yes' config option is specified by default in the
/etc/ssh/sshd_config file so there is no need to set it by authconfig.

In case of upgrade from an older RHEL distribution it is necessary to verify
changes in all .rpmnew/.rpmsave/.rpmorig files and propagate the changes to the
actual config files by hand. It is not possible to account for all such changes
in authconfig and similar utilities.
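
The manual check discussed in this bug, written out as an added example (not part of the original report and not Red Hat tooling): it reads the effective UsePAM value from sshd_config and lists unmerged .rpmnew/.rpmsave/.rpmorig files. The function names and the sample files built in demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit helpers with hypothetical names, not from the bug report.

# Print the effective UsePAM value of an sshd_config-style file.
# sshd honours the first occurrence of a keyword; keywords are
# case-insensitive and the value may follow whitespace or "=".
# Prints "unset" if no active line exists (upstream OpenSSH default: no).
effective_usepam() {
    awk '
        { sub(/#.*/, "") }      # drop comments, including "#UsePAM yes"
        { gsub(/=/, " ") }      # accept the "UsePAM = yes" spelling
        tolower($1) == "usepam" && $2 != "" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# List rpm leftovers under a directory; each marks a config file whose
# packaged version and local version still have to be merged by hand.
pending_rpm_configs() {
    find "$1" -type f \( -name '*.rpmnew' -o -name '*.rpmsave' \
        -o -name '*.rpmorig' \) | sort
}

# Report for one host; succeeds only when UsePAM is effectively "yes".
audit() {
    conf=${1:-/etc/ssh/sshd_config}
    dir=${2:-/etc}
    val=$(effective_usepam "$conf")
    echo "UsePAM in $conf: $val"
    leftovers=$(pending_rpm_configs "$dir")
    [ -z "$leftovers" ] || printf 'Unmerged config files:\n%s\n' "$leftovers"
    [ "$val" = yes ]
}

# Constructed sample: a live config with UsePAM only in a comment, and the
# newer packaged default left beside it as .rpmnew after an upgrade.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#UsePAM yes' 'PasswordAuthentication yes' > "$d/sshd_config"
    printf '%s\n' 'UsePAM yes' > "$d/sshd_config.rpmnew"
    audit "$d/sshd_config" "$d" || echo "=> sshd is not set to use PAM"
    rm -rf "$d"
}
demo
```

On a real host, call audit with no arguments to check /etc/ssh/sshd_config and /etc, then reload sshd after merging any changes.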
