
RE: Passwords in OpenLDAP - another question


I apologize for not getting back to you sooner but I was on vacation; then working on other stuff.

Most of what I have read seems to indicate that you add an entry like this to the /etc/pam.d/sshd file:

auth sufficient /lib/security/pam_ldap.so

in front of the default entry:

auth required /lib/security/pam_unix.so shadow nullok use_first_pass

Also, it looks like you make a similar change to the account entry.

However, my /etc/pam.d/sshd file (RedHat 8.0) looks like this:

[root@anadts41 pam.d]# cat sshd
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_limits.so
session    optional     /lib/security/pam_console.so
[root@anadts41 pam.d]#

I haven't been able to find a definition of what pam_stack.so is (in the Linux-PAM System Administrators' Guide, for example) so I don't know if this is correct or not.

Thanks for any assistance anyone can provide a PAM/LDAP newbie (in case that wasn't evident from my question!).


-----Original Message-----
From: Brent Kearney [mailto:brent@kearneys.ca]
Sent: Tuesday, June 24, 2003 2:51 PM
To: Jadick, Joe
Cc: openldap-software@OpenLDAP.org
Subject: Re: Passwords in OpenLDAP - another question

On Tue, Jun 24, 2003 at 02:11:03PM -0700, Jadick, Joe wrote:
> Hi,
> I have a follow-up question to the original thread.
> My environment is Red Hat Linux, 8.0 with OpenLDAP 2.1.17.
> I added a user via useradd; migrated him to LDAP using the migration tools;
> and then deleted him via userdel.
> I find that I can su to this account from another one and, after providing
> the password, everything works OK.
> Also, the getent and ldapsearch displays seem to be correct (both when the
> user was in LDAP and files and after I deleted him from files).
> However, when I try to log into the account directly using SSH it won't
> accept the password.
> Any ideas what I'm doing wrong?

Have you modified the /etc/pam.d/* files appropriately (specifically,
the one for ssh)?
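
An added illustration, not part of the original messages: on Red Hat, pam_stack.so runs the stack of the service named in its service= argument, so the sshd file listed above defers to /etc/pam.d/system-auth, and a pam_ldap.so line takes effect there. The sketch below expands that indirection and reports whether pam_ldap.so is reachable; the file contents are constructed, and both system-auth variants are assumptions because that file does not appear in the thread.

```python
import re

# Constructed sample files. SSHD mirrors the auth/account lines of the listing
# in the message; both system-auth variants are assumptions (not in the thread).
SSHD = """\
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
"""
SYSTEM_AUTH_FILES_ONLY = """\
auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_unix.so likeauth nullok
auth       required     /lib/security/pam_deny.so
"""
SYSTEM_AUTH_LDAP = """\
auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_unix.so likeauth nullok
auth       sufficient   /lib/security/pam_ldap.so use_first_pass
auth       required     /lib/security/pam_deny.so
"""

# type, control (simple keyword or [bracketed]), module path, arguments
LINE = re.compile(r"^(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def effective_stack(service, mtype, files, seen=()):
    """Return [(control, module, args)] for mtype with pam_stack.so expanded.
    Flattening is for inspection only: PAM applies the outer control flag to
    the sub-stack's overall result, which a flat list does not model."""
    if service in seen:
        raise ValueError("pam_stack loop via " + service)
    out = []
    for raw in files[service].splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if not m or m.group(1) != mtype:
            continue
        control, path, args = m.group(2), m.group(3), m.group(4)
        module = path.rsplit("/", 1)[-1]
        target = re.search(r"\bservice=(\S+)", args)
        if module == "pam_stack.so" and target:
            out += effective_stack(target.group(1), mtype, files, seen + (service,))
        else:
            out.append((control, module, args))
    return out

def uses_ldap(service, mtype, files):
    stack = effective_stack(service, mtype, files)
    return any(module == "pam_ldap.so" for _, module, _ in stack)
```
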



