- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: LDAP Authentication
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-25-2008 05:19 PM
тАО01-25-2008 05:19 PM
LDAP Authentication
1.) The TCP/IP Services SSH server doesn't talk to it as far as I can tell - is there any way to make them play nicely together?
2.) It only allows one LDAP server in the configuration file. That somewhat defeats the point of using a distributed directory for reliability. If I was to define a domain name that had two (or more) address entries and used that name in the configuration file does anyone know if that would work (ie would the authentication module try the second host listed if it couldn't talk to the first, etc?)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-25-2008 07:17 PM
тАО01-25-2008 07:17 PM
Re: LDAP Authentication
SSH deals with it, but ...
> 1.) [...]
You mean that when the SSH server gets to
"password" in its "AllowedAuthentications",
list, a good LDAP password fails? (You have
an "ssh -v" transcript from the client which
shows what happens?) Or what?
(I normally use "publickey" for SSH, so I
don't deal much with passwords v. SSH.)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-25-2008 08:10 PM
тАО01-25-2008 08:10 PM
Re: LDAP Authentication
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-26-2008 03:58 PM
тАО01-26-2008 03:58 PM
Re: LDAP Authentication
Converting various TCP/IP Services components (IMAP, POP, PCNFS, XDM, and yes, SSH) to use the $ACM system service for password authentication is on the worklist for a future release. The main benefit of such a conversion will be support of Single Sign-On, including LDAP. Such support comes "for free" with TELNET and RLOGIN sessions since it isn't actually TCP/IP prompting for or checking the username, just the standard interactive session startup mechanism involving the terminal driver, the job controller, and LOGINOUT.
Thinking about it as a result of your post, I realize I don't actually know whether FTP and REXEC will honor LDAP passwords. Those components also use LOGINOUT rather than checking passwords directly. Have you tried your LDAP password with either FTP or REXEC?
- Mark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-26-2008 05:23 PM
тАО01-26-2008 05:23 PM
Re: LDAP Authentication
As to ssh I guess we're neophytes here, we tend to use it as a more secure version of telnet rather than getting into exotic authentication methods such as public key.
It appears that the "standard" ssh implementation allows keyboard-interactive authentication, which would allow me to write a program/script that could get the password and verify it against ACM, but the TCP/IP services implementation doesn't appear to support this (I can put it in the config file but it appears to be ignored)