Originally posted by: kenbor
Hi All,
I have been attempting to get AIX to authenticate SSH connections against an IBM TAM for the last few weeks, where I am at a halt with this problem:
I have an AIX (client) oslevel 6.1.2.0, which has openssh_5.8p2, OpenSSL 0.9.8h 28 May 2008 with padl pam. When I try to access this machine from itself or from any other using ssh -p223 kentest@127.0.0.1, I am seeing the following in the logs and I am unable to authenticate:
Aug 1 13:23:52 test-lpar auth|security:debug sshd: PAM: pam_authenticate: error Authentication failed
Aug 1 13:23:52 test-lpar auth|security:debug sshd: PAM: pam_set_item(6)
Aug 1 13:23:52 test-lpar auth|security:info syslog: ssh: failed login attempt for UNKNOWN_USER from loopback
Aug 1 13:23:53 test-lpar auth|security:debug sshd: PAM: pam_set_item(5)
Aug 1 13:23:53 test-lpar auth|security:debug sshd: PAM: pam_authenticate()
Aug 1 13:23:53 test-lpar auth|security:debug sshd: PAM: load_modules: /usr/lib/security/pam_ldap.so
Aug 1 13:23:53 test-lpar auth|security:debug sshd: PAM: pam_set_item(6)
Aug 1 13:23:53 test-lpar auth|security:err|error sshd 876730: pam_ldap: error trying to bind as user "uid=kentest,ou=users,dc=test,dc=mt" (Invalid credentials)
This only happens if the system I attempt to ssh to does not have the user set up. If the user exists on the system and has no password set up, I can connect and SSH manages to authenticate against the LDAP.
For the Directory side I am using IBM Tivoli Access Manager for eBusiness v 6.1 running on top of AIX 5.3 ML 5.3.0.0.
If there is anyone who can help solve this riddle before I tear all my hair out I would be eternally grateful.
thanks
#AIX-Forum