Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

SSH Integration

SSHLDAP implements it's functionality by first integrating PAM authentication with LDAP for login authentication for user accounts ids above ${SSHLDAP_POSIX_UID_UPPER}, then by using PAM account authorization to determine if a user has access to the specified hostId as configured in the /etc/${ziD}/sshldap/.netrc. After that the module setups sudo access (via /etc/sudoers.d/sshldap) which contains sudo directives for the group identified by the ${hostId}-sudo group. This is a mirror group that contains all user accounts allowed to sudo on the server (based on users in the group cn=${hostId}-sudo ,${SSHLDAP_SUDO_OPS_DN})

 

SSHLDAP runtime scripts log information to syslog. To enable debugging set the SSHLDAP_DEBUG parameter to true in the /etc/${ziD}/sshldap/sshldap-config.properties file.

LDAP Schema

SSHLDAP applies a schema to the Directory for the pubkey processing as well as data is requires to perform it's functions.

sshlda-schema.ldif
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 
  NAME ( 'sshPublicKey' )
  DESC 'MANDATORY: OpenSSH Public key'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
  EQUALITY octetStringMatch 
  X-ORIGIN 'zibernetics package for authentication' 
  USAGE userApplications )

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0
  NAME ( 'ldapPublicKey' )
  DESC 'MANDATORY: OpenSSH LPK objectclass'
  SUP top
  AUXILIARY
  MAY ( sshPublicKey $ uid )
  X-ORIGIN 'zibernetics package for authentication' )

 

 

  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.