Enabling LDAP for Dropbear
Ratan Gupta
ratagupt at linux.vnet.ibm.com
Wed Aug 29 03:30:17 AEST 2018
Hi Richard,
Thanks for the response.
Seems the PAM config is not login, it is dropbear (/etc/pam.d/dropbear).
Currently this file includes the auth and the account modules:
cat /etc/pam.d/dropbear
#%PAM-1.0
auth include common-auth
account include common-account
So I added the session module pointing to common-session, and in
common-session I had the following entries:
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0077 debug   >>> pam_mkhomedir should have created the directory.
session sufficient pam_unix.so debug
session sufficient /lib/security/pam_ldap.so debug
Ratan
On Tuesday 28 August 2018 09:46 PM, Thomaiyar, Richard Marian wrote:
> Ratan, which PAM config file did you try? It should be done in
> /etc/pam.d/login (not tried this, but can give it a try).
>
> The problem with pam_mkhomedir.so is the home directory will not be
> deleted after logout, and may end up with stale home directories (Need
> to figure out a way for this?).
>
> Not aware of this autofs; need to understand it before
> making any comment.
>
> regards,
> Richard
>
>
> On 8/28/2018 3:23 PM, Ratan Gupta wrote:
>> Hi All,
>>
>> As part of enabling LDAP on the BMC, we are enabling LDAP on
>> dropbear (the SSH server) through PAM configuration. I am facing a problem
>> when the SSH client tries to connect to the BMC through SSH.
>>
>> There are two steps involved when the SSH client connects to the SSH server:
>> 1) Authentication
>> 2) Open the shell
>>
>> I could see that authentication succeeds but opening the
>> shell fails, since the home directory has to exist for the
>> LDAP user.
>>
>> To solve this I tried to make the following changes in the PAM config
>> file:
>>
>> session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0077 debug   >>> pam_mkhomedir should have created the directory.
>> session sufficient pam_unix.so debug
>> session sufficient /lib/security/pam_ldap.so debug
>>
>> Even after making the above changes, I don't see the home
>> directory being created.
>>
>> NOTE: If I create the directory in advance, I don't face this
>> problem.
>>
>> Another option to solve this is to mount directories over the
>> network using the autofs service:
>>
>> https://help.ubuntu.com/community/AutofsLDAP
>>
>> Can somebody tell me what the other options are to create the home
>> directories, and which one is used industry-wide?
>>
>> Ratan
>>
>
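As an added example (not code from the thread or from the openbmc project), a small POSIX shell diagnostic for the dropbear + pam_mkhomedir setup discussed above: it checks that the service file actually runs a session phase, that pam_mkhomedir is not shadowed by an earlier "sufficient" session module, and that the server binary references pam_open_session at all. The file contents and paths under the temp directory are constructed so it runs stand-alone; on a BMC you would point the checks at /etc/pam.d/dropbear, /etc/pam.d/common-session and the dropbear binary.

```shell
#!/bin/sh
# Added diagnostic (not from the thread). Each check reads a file passed
# as an argument; the sample files written below are constructed.

# 1. Does the service file run a session phase at all? Without a session
#    line (or an include of common-session) pam_mkhomedir is never consulted.
pam_session_wired() {
    grep -Eq '^[[:space:]]*session[[:space:]]' "$1"
}

# 2. Is pam_mkhomedir the first session module? A "sufficient" module that
#    succeeds before it (e.g. pam_unix.so) ends the stack and skips it.
mkhomedir_not_shadowed() {
    first=$(grep -E '^[[:space:]]*session[[:space:]]' "$1" | head -n 1)
    case "$first" in
        *pam_mkhomedir.so*) return 0 ;;
        *) return 1 ;;
    esac
}

# 3. Does the server binary reference pam_open_session? Auth and account
#    modules run without it, but session modules only run when the server
#    opens a PAM session.
server_opens_session() {
    tr -c '[:print:]' '\n' < "$1" | grep -q 'pam_open_session'
}

# --- constructed samples: the thread's original file and a fixed one ---
tmp=$(mktemp -d)
printf '%s\n' '#%PAM-1.0' 'auth include common-auth' \
    'account include common-account' > "$tmp/dropbear.orig"
cp "$tmp/dropbear.orig" "$tmp/dropbear.fixed"
echo 'session include common-session' >> "$tmp/dropbear.fixed"
printf '%s\n' \
    'session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0077' \
    'session sufficient pam_unix.so' \
    'session sufficient /lib/security/pam_ldap.so' > "$tmp/common-session.good"
printf '%s\n' 'session sufficient pam_unix.so' \
    'session required /lib/security/pam_mkhomedir.so' > "$tmp/common-session.bad"
printf 'pam_authenticate\npam_acct_mgmt\n' > "$tmp/auth-only.bin"

report() { if "$@"; then echo "ok   $1 $2"; else echo "FAIL $1 $2"; fi; }
report pam_session_wired "$tmp/dropbear.orig"
report pam_session_wired "$tmp/dropbear.fixed"
report mkhomedir_not_shadowed "$tmp/common-session.good"
report mkhomedir_not_shadowed "$tmp/common-session.bad"
report server_opens_session "$tmp/auth-only.bin"
```

A FAIL on the third check means the session stack will never be entered for that server, whatever common-session contains, and pre-creating the home directory (or autofs) is the only way around it.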