|
Jan F |
b934981 |
diff -up openssh-5.8p1/HOWTO.ldap-keys.ldap2 openssh-5.8p1/HOWTO.ldap-keys
|
|
Jan F |
b934981 |
--- openssh-5.8p1/HOWTO.ldap-keys.ldap2 2011-02-25 11:48:59.000000000 +0100
|
|
Jan F |
b934981 |
+++ openssh-5.8p1/HOWTO.ldap-keys 2011-02-25 11:48:59.000000000 +0100
|
|
Jan F |
b934981 |
@@ -0,0 +1,14 @@
|
|
Jan F |
b934981 |
+
|
|
Jan F |
b934981 |
+1) configure LDAP server
|
|
Jan F |
b934981 |
+2) add appropriate schema
|
|
Jan F |
b934981 |
+3) insert users into LDAP
|
|
Jan F |
b934981 |
+4) on the ssh side set in sshd_config
|
|
Jan F |
b934981 |
+AuthorizedKeysCommand /usr/libexec/openssh/ssh-ldap-wrapper
|
|
Jan F |
b934981 |
+AuthorizedKeysCommandRunAs <appropriate user to run LDAP>
|
|
Jan F |
b934981 |
+5) do not forget to set
|
|
Jan F |
b934981 |
+PubkeyAuthentication yes
|
|
Jan F |
b934981 |
+
|
|
Jan F |
b934981 |
+
|
|
Jan F |
b934981 |
+To debug the ssh-ldap-helper is possible to set
|
|
Jan F |
b934981 |
+the necessary flags in the ssh-ldap-wrapper.
|
|
Jan F |
b934981 |
+
|
|
Jan F |
b934981 |
diff -up openssh-5.8p1/ldap-helper.c.ldap2 openssh-5.8p1/ldap-helper.c
|
|
Jan F |
b934981 |
--- openssh-5.8p1/ldap-helper.c.ldap2 2011-02-25 11:48:59.000000000 +0100
|
|
Jan F |
b934981 |
+++ openssh-5.8p1/ldap-helper.c 2011-02-25 11:48:59.000000000 +0100
|
|
Jan F |
b934981 |
@@ -51,7 +51,7 @@ usage(void)
|
|
Jan F |
b934981 |
fprintf(stderr, " -f file Use alternate config file (default is /etc/ssh/ldap.conf).\n");
|
|
Jan F |
b934981 |
fprintf(stderr, " -s user Do not demonize, send the user's key to stdout.\n");
|
|
Jan F |
b934981 |
fprintf(stderr, " -v Increase verbosity of the debug output (implies -d).\n");
|
|
Jan F |
b934981 |
- fprintf(stderr, " -w Warn on unknown commands int the config file.\n");
|
|
Jan F |
b934981 |
+ fprintf(stderr, " -w Warn on unknown commands in the config file.\n");
|
|
Jan F |
b934981 |
exit(1);
|
|
Jan F |
b934981 |
}
|
|
Jan F |
b934981 |
|
|
Jan F |
b934981 |
diff -up openssh-5.8p1/Makefile.in.ldap2 openssh-5.8p1/Makefile.in
|
|
Jan F |
b934981 |
--- openssh-5.8p1/Makefile.in.ldap2 2011-02-25 11:48:59.000000000 +0100
|
|
Jan F |
b934981 |
+++ openssh-5.8p1/Makefile.in 2011-02-25 11:55:59.000000000 +0100
|
|
Jan F |
b934981 |
@@ -27,6 +27,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server
|
|
Jan F |
b934981 |
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
|
|
Jan F |
b934981 |
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
|
|
Jan F |
b934981 |
SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper
|
|
Jan F |
b934981 |
+SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper
|
|
Jan F |
b934981 |
RAND_HELPER=$(libexecdir)/ssh-rand-helper
|
|
Jan F |
b934981 |
PRIVSEP_PATH=@PRIVSEP_PATH@
|
|
Jan F |
b934981 |
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
|
|
Jan F |
b934981 |
@@ -277,6 +278,7 @@ install-files:
|
|
Jan F |
b934981 |
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
|
|
Jan F |
b934981 |
if test ! -z "$(INSTALL_SSH_LDAP_HELPER)" ; then \
|
|
Jan F |
b934981 |
$(INSTALL) -m 0700 $(STRIP_OPT) ssh-ldap-helper $(DESTDIR)$(SSH_LDAP_HELPER) ; \
|
|
Jan F |
b934981 |
+ $(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
|
|
Jan F |
b934981 |
fi
|
|
Jan F |
b934981 |
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
|
|
Jan F |
b934981 |
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
|
Jan F |
b934981 |
diff -up openssh-5.8p1/ssh-ldap-wrapper.ldap2 openssh-5.8p1/ssh-ldap-wrapper
|
|
Jan F |
b934981 |
--- openssh-5.8p1/ssh-ldap-wrapper.ldap2 2011-02-25 11:48:59.000000000 +0100
|
|
Jan F |
b934981 |
+++ openssh-5.8p1/ssh-ldap-wrapper 2011-02-25 11:48:59.000000000 +0100
|
|
Jan F |
b934981 |
@@ -0,0 +1,4 @@
|
|
Jan F |
b934981 |
+#!/bin/sh
|
|
Jan F |
b934981 |
+
|
|
Jan F |
b934981 |
+exec /usr/libexec/openssh/ssh-ldap-helper -s "$1"
|
|
Jan F |
b934981 |
+
|