caveden

Hello everybody,

First of all, sorry if this was not the proper forum to ask this question (I hesitated among this and the "networking" one) or if it has been answered somewhere, but I really couldn't find it.

I'm testing the pam_ssh module in order to have a single sign on behavior in my network, but even that isn't working perfectly: the users logs in with his private key passphrase, but the ssh-agent apparently doesn't load at this moment, since at the first attempt to do a ssh the passphrase is asked again - from this point on, it's not asked anymore during this session.

Couldn't it be loaded at the login to the workstation?

Anyway, what I really would like to do was to make this single sign on integrated with LDAP. The user, registered on LDAP and maybe with no homedir on the workstation yet (therefore, no private key), would type his LDAP password and the system would not only authenticate him, but also download the private key from the LDAP server and instantiate the ssh-agent so he never has to type his password again during this session - this is important because we would like to have some scripts opening ssh sessions without prompting the user for his password again (and also because single sign on is quite nice too )

I haven't found any tutorial explaining how I could integrate pam_ssh with ldap. Am I really the first person wanting to do such a thing?

For information, all stations (clients and servers) run Ubuntu 9.04.

Thank you!