[Date Prev][Date Next]
LDAP & PAM & Solaris 7
This is probably(hopefully) a stupid question, and
hopefully easy to answer.
I am trying to get LDAP authentication working on Solaris 7.
it works fine on Linux. I had this exact same problem on
yesterday, and kept playing with it eventually got it working
by finding a working config. solaris seems harder to
The problem is:
If a local user does not exist, PAM doesn't try to authenticate
via LDAP. I have confirmed this with debug logs of openldap.
If i add the user to the local system it works. e.g.
i add a local user, with no password, when i login
as this user it allows me in, the LDAP server shows a
lot of activity and I get a bunch of enviornment
set from PAM "debug1: PAM establishing creds"
so it sounds to me like a PAM configuration issue. I've
been pulling my hair out for almost 2 hours on this and
haven't gotten very far. I have visited dozens of websites
and searched archives but haven't found any help.
So if someone has this working can you send me a copy
of your PAM config?
specifically i am trying with Openssh. If you need
more info about what all software i'm using i can
provide it, but i think since ive narrowed it down
to a configuration issue in pam.conf it may not
be needed? im just so sleepy.
here is my pam.conf (ive tried dozens of configs, this
is the most recent):
#ident "@(#)pam.conf 1.19 95/11/30 SMI"
# PAM configuration
# Authentication management
login auth sufficient /usr/lib/security/pam_ldap.so.1
login auth required /usr/lib/security/pam_unix.so.1 try_first_pass
login auth required /usr/lib/security/pam_dial_auth.so.1
rlogin auth sufficient /usr/lib/security/pam_rhosts_auth.so.1
rlogin auth required /usr/lib/security/pam_unix.so.1
dtlogin auth required /usr/lib/security/pam_unix.so.1
rsh auth required /usr/lib/security/pam_rhosts_auth.so.1
other auth sufficient /usr/lib/security/pam_ldap.so.1
other auth required /usr/lib/security/pam_unix.so.1 try_first_pass
# Account management
login account sufficient /usr/lib/security/pam_ldap.so.1
login account required /usr/lib/security/pam_unix.so.1
try_first_passdtlogin account required /usr/lib/security/pam_unix.so.1
other account sufficient /usr/lib/security/pam_ldap.so.1
other account required /usr/lib/security/pam_unix.so.1
# Session management
other session sufficient /usr/lib/security/pam_ldap.so.1
other session required /usr/lib/security/pam_unix.so.1
# Password management
other password required /usr/lib/security/pam_ldap.so.1
other password required /usr/lib/security/pam_unix.so.1
try_first_passhttpd auth sufficient /usr/lib/security/pam_unix.so.1
kde auth required /usr/lib/security/pam_unix.so.1
kde auth required /usr/lib/security/pam_dial_auth.so.1
kde account required /usr/lib/security/pam_unix.so.1