[Date Prev][Date Next]
Re: [pamldap] Solaris - pam_check_host_attr and local logins
I did not get any help. I have not found an answer yet. Anyone have an
idea what I need to do?
I have attached my pam.conf file.
On Tue, 2004-03-02 at 14:18, Ezsra McDonald wrote:
> My requirements just got more complex. We have some
> local accounts for batch processing that do remote
> shells to this box for different tasks. I do not want
> these users to be in LDAP. I also want to use the
> pam_check_host_attr for non-local user access
> The way I have it now an LDAP user may login but not a
> local user. This is because of the requirement to make
> the pam_check_host_attr feature work.
> I want my pie and to eat it too.
> I am on Solaris 8, so I use the /etc/pam.conf file. I
> have attached this file for your review.
> Has anyone else done this on Solaris?
> I found a reference to a possible solution but it only
> seems to work on Redhat:
> Does anyone know of a similar option for solaris? My
> solaris box complains when I try this example.
> I have the following compiled and installed
> Your assistance is appreciated,
> Do you Yahoo!?
> Yahoo! Search - Find what youre looking for faster
#ident $Id: pam.conf,v 1.5 2003/11/26 08:26:35 hyc Exp $
# PAM configuration for LDAP is sufficient, otherwise UNIX
# mandatory authentication policy.
# Authentication management
login auth sufficient /usr/lib/security/pam_ldap.so.1
login auth required /usr/lib/security/pam_unix.so.1 use_first_pass
login auth required /usr/lib/security/pam_dial_auth.so.1
telnet auth sufficient /usr/lib/security/pam_ldap.so.1
telnet auth required /usr/lib/security/pam_unix.so.1 use_first_pass
rlogin auth sufficient /usr/lib/security/pam_rhosts_auth.so.1
rlogin auth sufficient /usr/lib/security/pam_ldap.so.1
rlogin auth required /usr/lib/security/pam_unix.so.1 use_first_pass
dtlogin auth sufficient /usr/lib/security/pam_ldap.so.1
dtlogin auth required /usr/lib/security/pam_unix.so.1 use_first_pass
rsh auth required /usr/lib/security/pam_rhosts_auth.so.1
other auth sufficient /usr/lib/security/pam_ldap.so.1
other auth required /usr/lib/security/pam_unix.so.1 use_first_pass
# Account management
login account sufficient /usr/lib/security/pam_ldap.so.1
login account required /usr/lib/security/pam_unix.so.1
dtlogin account sufficient /usr/lib/security/pam_ldap.so.1
dtlogin account required /usr/lib/security/pam_unix.so.1
other account required /usr/lib/security/pam_ldap.so.1
other account sufficient /usr/lib/security/pam_unix.so.1
# Session management, not implemented by pam_ldap
other session required /usr/lib/security/pam_unix.so.1
# Password management
#other password required /usr/lib/security/pam_unix.so.1
other password required /usr/lib/security/pam_ldap.so