[Date Prev][Date Next]
Re: Check ppolicy
Have you set 'pam_lookup_policy yes' in pam_ldap's ldap.conf?
# cat /usr/local/etc/ldap.conf | grep pam_lookup
Are you using pam_ldap in the "account" lines of your PAM configuration?
Yes (if you refer to sshd, which is the service that I use with PAM to
make the request in LDAP cluster).
# cat /etc/pam.d/sshd | grep account
account required pam_nologin.so
#account required pam_krb5.so
account required pam_login_access.so
account sufficient /usr/local/lib/pam_ldap.so
account required pam_unix.so
, Prakash Velayutham says:
"Wanted to give a heads up. I have found a solution to this one and it
was not pam_ldap. It was the OpenSSH on my system. I was running OpenSSH
4.1p1 and looks like this issue was fixed in 4.3p2 and higher. I got the
latest 4.5p2 and things are working now. I will test some more and
report back again soon. "
Effectively, I use FreeBSD 7.0 which is shipped with OpenSSH 4.5p1; but
I've upgrade teh OpenSSH to 5.2p1 and I cannot see the warning messages yet.
Jordi Espasa Clofent