Force OpenSSH (SSHD) to use authentication via LDAP server

Lightweight Directory Access Protocol, or LDAP , is a directory services running over TCP/IP. Most large business and organization use LDAP for centralized authentication.

You can read LDAP Linux HOWTO for setup and configuration. If your workstation or server setup to authenticate via LDAP, open ssh will not work when user try to connect from remote system. You need to make little modification to openssh, so that it can authenticate you via LDAP:

Open /etc/ssh/sshd_config file
# vi /etc/ssh/sshd_config file

Append or modify line as follows:
PAMAuthenticationViaKbdInt yes

Restart OpenSSH
# /etc/init.d/sshd restart

Now ssh server will accept login for remote users.

You should follow me on twitter here or grab rss feed to keep track of new changes.

Featured Articles:

{ 4 comments… read them below or add one }

1 Aneesh November 24, 2006 at 11:37 pm: I think no additional configuration is needed because the file /etc/nsswitch.conf
2 Aneesh November 24, 2006 at 11:39 pm: I think no additional configuration is needed because the file /etc/nsswitch.conf contains the entry
passwd: files ldap
This will do the trick.
3 nixcraft November 25, 2006 at 8:41 am: LDAP and authentication mechanism is already configured. But you need to tell this to OpenSSH.
4 Benny Chitambira December 11, 2008 at 10:29 am: The 1st method suggested is now deprecated
The second solution is usually configured already, so that not a solution
The real problem is usually in the configuration of pam
edit or create file:
/etc/pam.d/sshd
comment out or delete line:
# account required pam_access.so
This removes the requirement that the user should have a local account.
The above line is usually present in systems installed via kickstart