How to configure PAM as a submethod of keyboard-interactive to use LDAP on Linux? |
To enable Keyboard-Interactive authentication, make sure that you have the following line in the /etc/ssh2/ssh2_config file: AllowedAuthentications keyboard-interactive Keyboard-interactive is enabled by default on the client. SSH Tectia Server Configuration Keyboard-interactive is not enabled by default on the server. Make sure that you have the following line in the /etc/ssh2/sshd2_config file: AllowedAuthentications keyboard-interactive The pam submethod for Keyboard-Interactive is configured as follows: AuthKdbInt.Optional pam PAM configuration Following is an example how to configure a PAM to do LDAP authentication on a Redhat 9 machine. file /etc/pam.d/sshd2: auth required /lib/security/pam_ldap.so account required /lib/security/pam_ldap.so password required /lib/security/pam_ldap.so session required /lib/security/pam_ldap.so file /etc/nsswitch.conf: passwd: files ldap shadow: files ldap group: files ldap file /etc/ldap.conf: host ldapserver.company.com base dc=company,dc=com ldap_version 3 port 389 scope one pam_min_uid 10000 pam_max_uid 20000 nss_base_passwd ou=accounts,dc=company,dc=com?one nss_base_shadow ou=accounts,dc=company,dc=com?one nss_base_group ou=groups,dc=company,dc=com?one ssl no pam_password md5 This above is just an example and needs to be modified according to your ldap server. |