{"id":6571,"date":"2017-03-27T08:57:35","date_gmt":"2017-03-27T00:57:35","guid":{"rendered":"http:\/\/rmohan.com\/?p=6571"},"modified":"2017-03-27T08:57:35","modified_gmt":"2017-03-27T00:57:35","slug":"active-directory-ssh-authentication","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=6571","title":{"rendered":"active directory ssh authentication"},"content":{"rendered":"

Here is my configs and setups: \/etc\/nsswitch.conf<\/p>\n

\r\npasswd:     compat winbind\r\n\r\nshadow:     compat winbind\r\n\r\ngroup:      compat winbind\r\n\r\n\r\n#hosts:     db files nisplus nis dns\r\n\r\nhosts:      files dns\r\n\r\nbootparams: nisplus [NOTFOUND=return] files\r\n\r\nethers:     files\r\n\r\nnetmasks:   files\r\n\r\nnetworks:   files\r\n\r\nprotocols:  files\r\n\r\nrpc:        files\r\n\r\nservices:   files\r\n\r\nnetgroup:   files\r\n\r\npublickey:  nisplus\r\n\r\nautomount:  files\r\n\r\naliases:    files nisplus<\/pre>\n
\/etc\/pam.d\/system-auth (generated via the “setup” ncurses wizard)<\/p>\n
\r\n#%PAM-1.0\r\n\r\n# This file is auto-generated.\r\n\r\n# User changes will be destroyed the next time authconfig is run.\r\n\r\nauth        required      pam_env.so\r\n\r\nauth        sufficient    pam_unix.so nullok try_first_pass\r\n\r\nauth        requisite     pam_succeed_if.so uid >= 500 quiet\r\n\r\nauth        sufficient    pam_krb5.so use_first_pass\r\n\r\nauth        sufficient    pam_winbind.so use_first_pass\r\n\r\nauth        required      pam_deny.so\r\n\r\n\r\naccount     required      pam_unix.so broken_shadow\r\n\r\naccount     sufficient    pam_succeed_if.so uid < 500 quiet\r\n\r\naccount     [default=bad success=ok user_unknown=ignore] pam_krb5.so\r\n\r\naccount     [default=bad success=ok user_unknown=ignore] pam_winbind.so\r\n\r\naccount     required      pam_permit.so\r\n\r\n\r\npassword    requisite     pam_cracklib.so try_first_pass retry=3\r\n\r\npassword    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok\r\n\r\npassword    sufficient    pam_krb5.so use_authtok\r\n\r\npassword    sufficient    pam_winbind.so use_authtok\r\n\r\npassword    required      pam_deny.so\r\n\r\n\r\nsession     optional      pam_keyinit.so revoke\r\n\r\nsession     required      pam_limits.so\r\n\r\nsession     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid\r\n\r\nsession     required      pam_unix.so\r\n\r\nsession     optional      pam_krb5.so<\/pre>\n
\/etc\/ssh\/sshd_config<\/p>\n
Protocol 2\r\n\r\nSyslogFacility AUTHPRIV\r\n\r\nPasswordAuthentication yes\r\n\r\n\r\n# Change to no to disable s\/key passwords\r\n\r\n#ChallengeResponseAuthentication yes\r\n\r\nChallengeResponseAuthentication no\r\n\r\n\r\n# Kerberos options\r\n\r\nKerberosAuthentication yes\r\n\r\n#KerberosOrLocalPasswd yes\r\n\r\n#KerberosTicketCleanup yes\r\n\r\n#KerberosGetAFSToken no\r\n\r\n\r\n# GSSAPI options\r\n\r\n#GSSAPIAuthentication no\r\n\r\nGSSAPIAuthentication yes\r\n\r\n#GSSAPICleanupCredentials yes\r\n\r\nGSSAPICleanupCredentials yes\r\n\r\n\r\nUsePAM yes\r\n\r\n\r\n# Accept locale-related environment variables\r\n\r\nAcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES\r\n\r\nAcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT\r\n\r\nAcceptEnv LC_IDENTIFICATION LC_ALL\r\n\r\nX11Forwarding yes\r\n\r\n\r\nSubsystem       sftp    \/usr\/libexec\/openssh\/sftp-server<\/pre>\n","protected":false},"excerpt":{"rendered":"
Here is my configs and setups: \/etc\/nsswitch.conf<\/p>\n
 passwd: compat winbind shadow: compat winbind group: compat winbind #hosts: db files nisplus nis dns hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc: files services: files netgroup: files publickey: nisplus automount: files aliases: files nisplus <\/p>\n
\/etc\/pam.d\/system-auth (generated via the “setup” […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,73],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6571"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6571"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6571\/revisions"}],"predecessor-version":[{"id":6572,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6571\/revisions\/6572"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6571"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6571"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6571"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}