[CentOS] pam changes - service restart reqd?

Mon Aug 30 21:10:13 UTC 2010
Carlos S <neubyr at gmail.com>

Thanks for the replies everyone.

It seems to be working without any sshd restart.

Also, I changed ldap conf to a non-standard location for some
debugging. It still uses the same ldap url over ssl, so I didn't have to
restart nscd. But it's good to know of potential pitfalls.

--
CS.


On Mon, Aug 30, 2010 at 3:25 PM, Paul Heinlein <heinlein at madboa.com> wrote:
> On Mon, 30 Aug 2010, Carlos S wrote:
>
>> Changed system-auth config to use LDAP.
>>
>> The sshd config is configured to use PAM. I am not sure whether it
>> loads that file at daemon start or refers to it every time a login
>> attempt with password is made.
>>
>> When would it be requiring restart in general?
>
> Make sure you restart nscd before trying anything else.
>
> If
>  * you're doing LDAP over SSL,
>  * you've configured LDAP to verify peers against a CA certificate,
>  * that cert was not in place when you did the system-auth changes,
> then sometimes a reboot seems the easiest way out.
>
> I suspect that I haven't played enough with tricks like "telinit u" to
> figure out the real magic. All I know is that a mid-stream switch to
> LDAP/SSL doesn't always "take" easily.
>
> --
> Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/