
Re: Authentication problem.



Yes, this is because of:
auth        sufficient    /lib/security/pam_unix.so likeauth nullok

This line allows local users. But without this line, you aren't allowed
to log in as "root" anymore.
To disable some local users, you could use the pam_listfile module:
auth        required      /lib/security/pam_env.so
auth        required      /lib/security/pam_listfile.so item=user onerr=fail sense=deny file=/etc/invalidusers
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_ldap.so use_first_pass
auth        required      /lib/security/pam_deny.so

Juergen
-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] On behalf of
alexlam@msolutions.com.hk
Sent: Monday, 19 August 2002 08:16
To: openldap-software@OpenLDAP.org
Subject: Authentication problem.

Hi,
 
My question may be a little bit off topic. But, I hope I can get some
help or hints to solve my problem.
 
I am trying to set up Redhat 7.3 to authenticate against Openldap 2.1.3.
I use the "authconfig" shipped with Redhat 7.3 to set up the system.
It authenticates my ldap accounts in Redhat 7.3 correctly.
However, when I tried to authenticate with the system account, it
authenticated too.
Is it normal?
 
"authconfig" has generated the following "system-auth" file in
/etc/pam.d.
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_ldap.so use_first_pass
auth        required      /lib/security/pam_deny.so
 
account     required      /lib/security/pam_unix.so
account     [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
 
password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok
password    sufficient    /lib/security/pam_ldap.so use_authtok
password    required      /lib/security/pam_deny.so
 
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
session     optional      /lib/security/pam_ldap.so
 
Do I need to change the above file to make it authenticate with
Openldap only?
 
Thanks,
Alex Lam
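
Added example, not part of the original messages: a simplified Python model of how PAM walks the two auth stacks quoted in this thread, showing why local accounts pass the authconfig stack and how the pam_listfile line blocks a listed user while root can still log in. The account names and per-module outcomes are constructed assumptions, and only the "required" and "sufficient" control flags are modelled.

```python
# Added illustration: simplified model of Linux-PAM "required"/"sufficient"
# handling. Module outcomes and accounts below are constructed stand-ins.
AUTHCONFIG_STACK = """\
auth required   /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required   /lib/security/pam_deny.so
"""
LISTFILE_LINE = ("auth required   /lib/security/pam_listfile.so item=user "
                 "onerr=fail sense=deny file=/etc/invalidusers\n")
# The reply's variant: pam_listfile inserted right after pam_env.
head, rest = AUTHCONFIG_STACK.split("\n", 1)
LISTFILE_STACK = head + "\n" + LISTFILE_LINE + rest

# Constructed accounts: root and olduser are local, alice exists only in LDAP.
ENV = {"local_ok": {"root", "olduser"}, "ldap_ok": {"alice"},
       "invalidusers": {"olduser"}}

def module_ok(module, user, env):
    """True when the (simulated) module would return success for this user."""
    outcomes = {
        "pam_env.so": True,
        "pam_deny.so": False,
        "pam_listfile.so": user not in env["invalidusers"],  # sense=deny
        "pam_unix.so": user in env["local_ok"],    # local password accepted
        "pam_ldap.so": user in env["ldap_ok"],     # directory bind accepted
    }
    return outcomes[module]

def authenticate(stack, user, env=ENV):
    """Walk the auth stack; return (allowed, module that decided the result)."""
    required_failed = None
    for line in stack.splitlines():
        _kind, control, path = line.split()[:3]
        module = path.rsplit("/", 1)[-1]
        ok = module_ok(module, user, env)
        if control == "required" and not ok and required_failed is None:
            required_failed = module   # remembered; the stack keeps running
        elif control == "sufficient" and ok and required_failed is None:
            return True, module        # success ends the stack immediately
        # a failing "sufficient" module is ignored
    return required_failed is None, required_failed

if __name__ == "__main__":
    for name, stack in (("authconfig", AUTHCONFIG_STACK), ("listfile", LISTFILE_STACK)):
        for user in ("root", "olduser", "alice"):
            print(name, user, authenticate(stack, user))
```

Because a failed "required" module is remembered, the later pam_unix success for a listed user no longer ends the stack with success.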