Administrace komentářů

DenyUsers all
AllowUsers ttest

cat /etc/nsswitch.conf 
#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: src/etc/nsswitch.conf,v 1.1.10.1.2.1 2009/10/25 01:10:29 kensmith Exp $
#
#group: compat
group: files ldap
group_compat: nis
hosts: files dns
networks: files
passwd: compat
passwd: files ldap
#passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

cat /etc/pam.d/sshd 
# auth
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
#auth           sufficient      pam_krb5.so             no_warn try_first_pass
#auth           sufficient      pam_ssh.so              no_warn try_first_pass
auth            required        pam_ldap.so
#auth            required        pam_unix.so             no_warn try_first_pass

# account
account         required        pam_nologin.so
#account        required        pam_krb5.so
account         required        pam_login_access.so
account         required        pam_ldap.so
#account         required        pam_unix.so

# session
#session        optional        pam_ssh.so
session         sufficient      pam_ldap.so
session         required        pam_permit.so

# password
#password       sufficient      pam_krb5.so             no_warn try_first_pass
password        required        pam_ldap.so
#password        required        pam_unix.so             no_warn try_first_pass

sshd[81597]: pam_ldap: error trying to bind as user "cn=Test Test,ou=Operations,ou=HQ,ou=People,dc=test,dc=com" (Invalid credentials)
sshd[81595]: error: PAM: authentication error for illegal user ttest from 1.2.3.4