SUMMARY: Trouble last after SSH + LDAP

From: Jeff Allen <>
Date: Tue Aug 29 2006 - 08:35:03 EDT

As it turned out this is an issue with OpenSSH 4.3p1. There is a  
patch available at: 

Did a make distclean, applied the patch, and rebuilt with no problems.

Thanks to Francois Bousquet who replied suggesting I use the native  
Solaris pam_ldap. We're using Apple's Open Directory and I'm not  
brave enough to go about patching and recompiling the slapd included  
with that.

Original Post:

> I have just set up a PAM enabled OpenSSH daemon to allow
> authentication against an OpenLDAP server. Authentication is working
> fine but when I run the last command SSH logins do not have a
> terminal or host name listed and the login date is "Wed Dec 31
> 20:00". A log out time isn't recorded when logging out and last
> reports "still logged in". Finger reports all the correct information
> so it seems to be getting name service info properly. Does last and
> wtmpx not use the OS name service stuff? Has anyone seen this before?
> Background:
> Solaris 8 kernel 117350-28
> OpenLDAP client 2.3.27
> LDAP patch 108993-49 (similar behavior experienced with revision 60)
> OpenSSH 4.3p1 / OpenSSL 0.9.7f
> PAM LDAP module 1.80
> NSS LDAP module 2.52
> nscd has been restarted, but ldap_cachemgr is not running, I have
> read it is not recommended with OpenLDAP, only with Sun's directory
> server.

Jeff Allen
Systems Administrator
Faculty of Computer Science
Dalhousie University
Halifax NS Canada
sunmanagers mailing list
Received on Tue Aug 29 08:35:41 2006