[Samba] PAM/winbindd/smb_pass/pam_smb_auth/smb_ntdom to authenticate
SSH
Buchan Milne
bgmilne at cae.co.za
Wed May 22 04:43:41 GMT 2002
> Message: 15
> From: mjd at alphalink.com.au
> Reply-To: mjd at alphalink.com.au
> To: samba at lists.samba.org
> Date: Wed, 22 May 2002 14:14:10 +1000
> Subject: [Samba] PAM/winbindd/smb_pass/pam_smb_auth/smb_ntdom to authenticate SSH
>
> Hello,
>
> I'm currently running winbind (from Samba 2.2.3a) so that our
> Windows users can ssh into our Linux box. I've set up Samba,
> PAM and winbind, and it's working well. Users can see their
> files, and they can log in using their windows usernames. No
> problem.
>
> When users access their Samba share, they don't need
> to reauthenticate, because they've already done so with
> the PDC via their Windows box.
>
> Is there a way to set up PAM so that authenticated Windows
> users who ssh into the Linux box don't need to type a
> password? (This will make using CVS much easier)
>
If you get them to generate ssh-keys, and put the public key in
~/.ssh/authorized_keys on the server, then they won't need passwords.
You will either:
1)Have to get ssh-agent working on windows (I haven't managed, but
Putty's pageant does work, but that's not what you want for cvs)
2)Create keys without passphrases.
Just check the perms on ~/.ssh, ssh is quite sticky (for good reason).
Must be 700 on ~/.ssh, and 600 on ~/.ssh/* except for ~/.ssh/*public*
Since we have Z: mapped as the home directory on our samba server, we
set the HOME env variable on windows to Z:, which ensures that cygwin
ssh uses the same .ssh as linux :-).
> I have looked at winbind, pam_smb_pass, pam_smb_auth and
> pam_ntdom but can't seem to find any clearcut answer to
> this question.
Has anyone thought of writing a pam_ntlm (or something) module that
would do the same? Or should pam_winbind handle this?
Buchan
--
|----------------Registered Linux User #182071-----------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
More information about the samba
mailing list