[Discuss] Using sftp without a shell account
Bill Horne
bill at horne.net
Tue Dec 30 09:59:55 EST 2014
On 12/29/2014 3:16 PM, Derek Martin wrote:
> On Sun, Dec 28, 2014 at 08:58:13PM -0500, Bill Horne wrote:
>> I'm setting up an LDAP-based server, which will be used for file
>> transfers among other things. I'd like to allow LDAP users to access
>> the machine via sftp, but I can't figure out how to do that without
>> giving each user a local shell account, and I'm looking for advice.
> The long and short of it is you need to make sure that OpenSSH is
> using PAM, and that your PAM configuration is correct for doing LDAP
> lookups for account info and such. You also need to modify
> /etc/nsswitch.conf.
I don't see an nsswitch.conf file on the machine.
>
> This page may or may not be useful:
>
> https://wiki.debian.org/LDAP/NSS
I'll check it out, thanks.
>
>> The LDAP users can access ftp without trouble, but not sftp.
> That is potentially interesting, but there are a wide variety of ftp
> servers, and configuring authentication for them varies as well.
> Without more details about how your system is configured, I expect it
> will be difficult to provide additional useful advice.
It's a Mac Mini, with a generic OS X Yosemite installation, and OS X
Server 4.1 installed.
There are a couple of "local" users, which are just administrative
accounts. Everyone else is a "network" user, entered in Open Directory
but not in the local machine. I'm hoping that Open Directory is "close
enough" to OpenLDAP that I can transfer knowledge.
Thanks for your help!
Bill
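As an added example (not from this thread, and not Bill's or Derek's own code), a POSIX shell check for the two pieces Derek names on a Linux-style host: that sshd has UsePAM enabled, and that nsswitch.conf sends passwd and group lookups through ldap. The file paths are parameters with assumed defaults; the PAM stack itself is not inspected, and on OS X with Open Directory there is no nsswitch.conf to check.

```shell
#!/bin/sh
# Added example: audit the sshd + NSS side of an LDAP-backed sftp setup.
# Assumes Linux-style /etc/ssh/sshd_config and /etc/nsswitch.conf (assumed defaults).

# Returns 0 when sshd_config enables PAM. sshd honours the FIRST UsePAM
# directive it reads, and the compiled-in default is "no".
sshd_uses_pam() {
    val=$(sed 's/#.*//' "$1" |
          awk 'tolower($1)=="usepam" && !seen { v=tolower($2); seen=1 } END { print v }')
    [ "${val:-no}" = "yes" ]
}

# Returns 0 when every listed NSS database (passwd, group) names "ldap"
# as one of its sources, so getent/sshd can resolve directory accounts.
nss_has_ldap() {
    for db in passwd group; do
        sed 's/#.*//' "$1" |
            awk -v db="$db" 'BEGIN { key = db ":" }
                 $1 == key { for (i = 2; i <= NF; i++) if ($i == "ldap") ok = 1 }
                 END { exit ok ? 0 : 1 }' || return 1
    done
    return 0
}

# Prints one line per check and returns non-zero if anything is missing.
check_sftp_ldap_ready() {
    sshd_cfg=${1:-/etc/ssh/sshd_config}
    nss_cfg=${2:-/etc/nsswitch.conf}
    rc=0
    if sshd_uses_pam "$sshd_cfg"; then
        echo "ok:   $sshd_cfg enables UsePAM"
    else
        echo "FAIL: $sshd_cfg lacks 'UsePAM yes'; password logins bypass the PAM LDAP stack"
        rc=1
    fi
    if [ -f "$nss_cfg" ] && nss_has_ldap "$nss_cfg"; then
        echo "ok:   $nss_cfg routes passwd and group lookups through ldap"
    else
        echo "FAIL: $nss_cfg missing, or passwd/group lines do not include ldap"
        rc=1
    fi
    return $rc
}
```

Run `check_sftp_ldap_ready` with no arguments to audit the live host, or pass alternate paths to test copies of the files.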