[Info-vax] tcpip 10.6

[John Santos]

In article <af9551cf-a0dc-4ce6-a0cc-84a8f5299268
@googlegroups.com>, rvwhalen at gmail.com says...
> 
> The SSH implementation does NOT support LDAP for authentication.
> 
> The supported methods for user authentication are: host based, public key,
> Kerberos, password (standard, radius, keyboard interactive).

LDAP in 10.6 DOES work for authenticating local logins 
(console or serial ports), DECnet ($ set host), LAT and 
telnet.*  But not for SSH.

I normally use public key authentication, but I just tried 
it connecting from a Linux server to a VMS 8.4-2L1 rx2600 
on which I installed VSI TCP/IP about 2 hours ago.  It 
asked me for my SSH passphrase and I typed <return>.  It 
then asked me for my VMS password, which I entered, and it 
let me log in.  However it DID NOT say "**** Logon 
authenticated by LDAP ****", which it normally says with 
LDAP logins, so I think it fell back to SYSUAF 
authentication.  (I have both ExtAuth and VMSAuth set in 
my SYSUAF flags, which is supposed to fall back to local 
VMS authentication if it can't talk to the LDAP server for 
some reason.  I think if I cleared the VMSAuth flag, this 
would have failed.)

I tried one of my other hosts running V8.4 and the HP 
TCP/IP stack, and it did say it used LDAP to authenticate.

Same with another 8.4-2L1 system that is still running the 
HP stack.

So this matches what Richard said.

[*] None of those methods use TCP/IP for the interactive 
connection, but LDAP does use TCP/IP to connect to the 
OpenLDAP servers.

I was pleasantly surprised when I installed VSI TCP/IP 
10.6 and LDAP just worked.  I thought I would probably 
have to go through the whole configuration process again 
and discover lots of little unexplainable quirks, but it 
just worked.  Didn't even have to enable anything special 
in TCP/IP.