Thanks for the replies everyone.
It seems to be working without any sshd restart.
Also, I changed ldap conf to a non standard location for some debugging. It still uses same ldap url over ssl, so I didn't have to restart nscd. But it's good to know of potential pitfalls.
-- CS.
On Mon, Aug 30, 2010 at 3:25 PM, Paul Heinlein heinlein@madboa.com wrote:
On Mon, 30 Aug 2010, Carlos S wrote:
Changed system-auth config to use LDAP.
The sshd config is configured to use PAM. I am not sure whether it load that file at daemon start or refers to it every time a login attempt with password is made.
When would it be requiring restart in general?
Make sure you restart nscd before trying anything else.
If * you're doing LDAP over SSL, * you've configured LDAP to verify peers against a CA certificate, * that cert was not in place when you did the system-auth changes, then sometimes a reboot seems the easiest way out.
I suspect that I haven't played enough with tricks like "telinit u" to figure out the real magic. All I know is that a mid-stream switch to LDAP/SSL doesn't always "take" easily.
-- Paul Heinlein <> heinlein@madboa.com <> http://www.madboa.com/ _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos