Thanks for the reply.
If you want to know how to control OpenSSH settings, it seems to me
should ask on an OpenSSH mailing list.
It's not an openssh setting other than *usePam yes*. It's *most* likely a
pam setting either /etc/pam.d/sshd or in /etc/pam.d/system-auth.
Since ssh honors these settings for local accounts and even for ldap accounts
without keys, it seems logical that someone in the ldap community would have
faced this issue already.
Thanks again for the reply.
Senior UNIX/Security Admin
CISSP, CISA, RHCSA, CEH
O'Leary Computers Inc
dkoleary(a)olearycomputers.com (w) 630-904-6098 (c) 630-248-2749