cannot use shutdown (and others) with pam_ldap
Hi all!
I'm currently using openldap-1.2.9 together with the latest nss_ldap and pam_ldap
and I am successfully authenticating my users. I changed a lot in the /etc/pam.d
files and think I've got it right. Almost every program which uses PAM works.
I can use su, sudo, xdm, gdm, kdm, ftp, pop3 and many others.
But the ones that use userhelper/consolehelper don't seem to work.
Only users in the /etc/passwd file can use them. With others, nothing happens:
[andreas@pandora andreas]$ shutdown
[andreas@pandora andreas]$
User "andreas" is only present in the LDAP directory. If I do the same with a user which
is in the /etc/passwd file, the command works.
An strace results in (last lines):
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
execve("/usr/sbin/userhelper", ["/usr/sbin/userhelper", "-t", "-w", "shutdown"], [/* 28 vars */]) = -1 EPERM (Operation not permitted)
_exit(1) = ?
My /etc/pam.d/shutdown:
#%PAM-1.0
auth sufficient /lib/security/pam_rootok.so
auth required /lib/security/pam_console.so
auth sufficient /lib/security/pam_pwdb.so
auth required /lib/security/pam_ldap.so use_first_pass
account required /lib/security/pam_permit.so
I have even changed every PAM entry in this file with a pam_permit, but it didn't seem to work.
NSS is doing its job, if I ls /home I get usernames, not UIDs. If I stop LDAP, I start
getting UIDs. I have "files ldap" in the nsswitch.conf for password, shadow and group.
Any thoughts?
--
Andreas Hasenack
andreas@conectiva.com.br
BIG Linux user!