
Re: Invalid credentials



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Adam Denenberg wrote:
| Ok, sorry for the long post but I want to post as much complete
| information as possible. My configuration is that I have an openldap
| server (2.1.23 on redhat 8) running using TLS for communication.  I use
| SASL for authentication which uses pam authentication via radius.
|
| When I try and authenticate via ldapsearch it works just fine.  However
| when I try to ssh in using pam_ldap, authentication fails for some
| reason (invalid credentials in messages file).  Can someone try and shed
| some light as to what is happening here?  Here is my log output for
| both the ldapsearch (successful) and the ssh attempt (failure).
|
|
| LDAPSEARCH ATTEMPT
| ************************************************************
| #ldapsearch -H ldap://ldap.ops.testdomain.com/ -Uadenenberg  -b
| "dc=testdomain,dc=com" -YPLAIN  -LLL -ZZ "(uid=adenenberg)"
|

Hi,

Your result isn't too surprising. In the LDAP case you don't authenticate
to the LDAP server at all, but you are using a SASL mechanism to
authenticate to an external source.

pam_ldap, in contrast, tries to authenticate to the LDAP directory (it
performs a simple bind, which is actually the same as if you were doing an
ldapsearch with the -x, -D and -W parameters instead of -U and -Y). If
you want to authenticate your ssh connection against the radius server,
you would need some pam_radius or the like (if this exists).

Yours
Stephan Siano

- --
- ----------------------------------------------------------------------
Dr. Stephan Siano, Consultant
SUSE LINUX AG, Mergenthalerallee 45-47, D-65760 Eschborn
T: +49 (0) 6196 5095131
F: +49 (0) 6196 409607    - stephan.siano@suse.com
- ----------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/tIgMyNxjFYe4G+cRAhy7AKCJyane+UpVrPg1uWaJ2s7eZsD1mACdHutk
6r0a50MXe7E/rgKYHih4HWU=
=nXDo
-----END PGP SIGNATURE-----
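
The difference the reply describes is visible in the bind request itself. The sketch below is an added example, not code from the thread or from OpenLDAP: it BER-encodes a simple bind and a SASL PLAIN bind as defined in RFC 4511 and classifies each one. The DN layout, the password and all function names are assumptions made for the illustration.

```python
# Added illustration (not from the thread): the two LDAPv3 BindRequest forms, RFC 4511.
# All DNs, user names and passwords used with it are constructed sample values.

def tlv(tag, value):
    """BER tag-length-value, definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def bind_request(msg_id, name, auth):
    """LDAPMessage{messageID, [APPLICATION 0] BindRequest{version 3, name, auth}}; msg_id 1..127."""
    body = tlv(0x02, b"\x03") + tlv(0x04, name.encode()) + auth
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, body))

def simple_bind(msg_id, dn, password):
    # ldapsearch -x -D <dn> -W, and pam_ldap per the reply: slapd itself checks
    # the password for this DN. AuthenticationChoice simple = [0].
    return bind_request(msg_id, dn, tlv(0x80, password.encode()))

def sasl_plain_bind(msg_id, authcid, password, authzid=""):
    # ldapsearch -U <authcid> -Y PLAIN: no bind DN; the SASL layer verifies the
    # RFC 4616 message authzid NUL authcid NUL passwd. AuthenticationChoice sasl = [3].
    creds = b"\x00".join(s.encode() for s in (authzid, authcid, password))
    return bind_request(msg_id, "", tlv(0xA3, tlv(0x04, b"PLAIN") + tlv(0x04, creds)))

def auth_choice(pdu):
    """Classify a BindRequest: ('simple', dn, None) or ('sasl', dn, mechanism)."""
    _, msg, _ = read_tlv(pdu)
    _, _, pos = read_tlv(msg)            # skip messageID
    tag, body, _ = read_tlv(msg, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, _, pos = read_tlv(body)           # skip version
    _, name, pos = read_tlv(body, pos)
    tag, auth, _ = read_tlv(body, pos)
    if tag == 0x80:
        return ("simple", name.decode(), None)
    if tag == 0xA3:
        return ("sasl", name.decode(), read_tlv(auth)[1].decode())
    raise ValueError("unknown AuthenticationChoice")

if __name__ == "__main__":
    dn = "uid=adenenberg,ou=people,dc=testdomain,dc=com"   # assumed DN layout
    print(auth_choice(simple_bind(1, dn, "example-pw")))
    print(auth_choice(sasl_plain_bind(2, "adenenberg", "example-pw")))
```

A simple bind succeeds only if the directory can verify the password for that DN, so an account whose password lives only behind the SASL backend fails it with "invalid credentials".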