it was like this:
ldap user on a solaris 10 box with a pubkey or without a pubkey was unable to ssh to other systems, be they solaris or otherwise. this was the case for all zillion solaris 10 sparc and x86 systems i have. not so for solaris 9. and nope for solaris 11.
first i thought there was something amiss with the user's ssh directory. maybe it was the perms on the mount. hell. maybe it was an issue then with the ldap record. the ssh daemons? time to debug...
localhost # /usr/lib/ssh/sshd -p 2222 -Dddd localhost ~ ssh -vvv -l notme -p 2222 localhostlittle did i know, it was not a problem with:
/etc/pam.conf login auth sufficient pam_ldap.so.1nor an issue with:
/etc/ssh/ssh_conf Host * StrictHostKeyChecking no UserKnownHostsFile=/dev/nullor even:
/etc/ssh/sshd_conf #ListenAddress 0.0.0.0 #ListenAddress ::no no.
it was the existence of this wickedness:
localhost notme ~ .sunwi don't care what that directory holds, it makes my systems puke:
localhost # cp -r /notme/.sunw /notme/.sunw.crap localhost # rm -rf /notme/.sunw ; mkdir /notme/.sunw localhost # chmod ugo-rwx /notme/.sunw localhost # la -al /notme/ |grep .sunw* drwxrwxr-x 5 notme notme 4096 Nov 13 13:31 .sunw.crap d--------- 2 notme notme 4096 Nov 13 13:31 .sunw