[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to change the login look up order with LDAP?

To: Tony Earnshaw <tonni@billy.demon.nl>
Subject: Re: How to change the login look up order with LDAP?
From: julien Touche <julien.touche@lycos.com>
Date: Sun, 02 Feb 2003 22:41:48 +0100
Cc: Shi Jin <jinzishuai@yahoo.com>, software openldap <openldap-software@OpenLDAP.org>
In-reply-to: <1044216687.26213.87.camel@localhost>
References: <20030202190849.91303.qmail@web14912.mail.yahoo.com> <1044216687.26213.87.camel@localhost>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2.1) Gecko/20021130

Tony Earnshaw wrote:

søn, 2003-02-02 kl. 20:08 skrev Shi Jin:

I think my problem is in the /etc/pam.d
My /etc/pam.d/login looks like this:
[seki@k62 pam.d]$ cat login
#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so
service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so
service=system-auth
password   required     /lib/security/pam_stack.so
service=system-auth
session    required     /lib/security/pam_stack.so
service=system-auth
session    optional     /lib/security/pam_console.so

Is there anything wrong with it?

Yes. First, make sure you (somehow or another, you state neither your
OS, distro nor nss_lap version, if any) have PADL's nss_ldap and
pam_ldap packages installed. It doesn't look as if you have. When you
have, a *lot* in /etc/pam.d should have different contents to what you
have now.

In fact, it's a redhat "problem". when you configure auth with the redhat "setup" tool, it manages to change only ONE file. that's why auth is resturned by service=system-auth, which is used in all other pam files.

the corresponding file in /etc/pam.d/system-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_ldap.so use_first_pass
auth        required      /lib/security/pam_deny.so

account required /lib/security/pam_unix.so account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pa m_ldap.so

password required /lib/security/pam_cracklib.so retry=3 type= password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow password sufficient /lib/security/pam_ldap.so use_authtok password required /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
session     optional      /lib/security/pam_ldap.so

and by default, an ldap-configured auth is not reporting to files ... ask redhat why ...


Regards

		Julien

Follow-Ups:
- Re: How to change the login look up order with LDAP?
  - From: Tony Earnshaw <tonni@billy.demon.nl>

References:
- Re: How to change the login look up order with LDAP?
  - From: Shi Jin <jinzishuai@yahoo.com>
- Re: How to change the login look up order with LDAP?
  - From: Tony Earnshaw <tonni@billy.demon.nl>

Prev by Date: Re: OpenLDAP 2.1 and ACL
Next by Date: Re: OpenLDAP 2.1 and ACL
Index(es):
- Chronological
- Thread