Re: RH61 pam_ldap



On Wed, 12 Jan 2000, Purwanto wrote:

> I just tried pam_ldap as auth method on Redhat61.
> Only users that I migrated from /etc/passwd can log in.
> I tried to add a new user on ldap using ldap_add and web500gw, but it did not
> work (back to login prompt after typing passwd).
> 
> /var/log/messages when logging in as a user that I created on the ldap server
> 
> Jan 12 14:29:48 sipoer2 PAM_unix[10980]: (login) session opened for user
> purwanto by LOGIN(uid=0)
> 
> /var/log/messages when logging in as an unknown user
> 
> Jan 12 14:30:17 slack2 PAM_unix[11008]: check pass; user unknown
> Jan 12 14:30:17 slack2 PAM_unix[11008]: authentication failure;
> LOGIN(uid=0) -> pur for login service
> Jan 12 14:30:19 slack2 login[11008]: FAILED LOGIN 1 FROM (null) FOR pur,
> Authentication service cannot retrieve authentication info.

What does your login file look like in /etc/pam.d?

This is what I have for /etc/pam.d/login:

#%PAM-1.0
auth       sufficient   /lib/security/pam_ldap.so
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_pwdb.so shadow nullok use_first_pass
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_pwdb.so
password   sufficient   /lib/security/pam_ldap.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_pwdb.so nullok use_authtok md5 shadow
session    sufficient   /lib/security/pam_ldap.so
session    required     /lib/security/pam_pwdb.so
session    optional     /lib/security/pam_console.so

If I recall, I had a problem with trying to login and it'd drop me right
back to the login prompt. I think it has to do with the order in the pam.d
files and whether you're using sufficient or required access. But I'm new
to this whole pam thing. =)

> Is there any user management for ldap?

I haven't found any, so I've been writing programs in perl, primarily an X
interface in Perl/Tk, to help with user administration (adding, deleting,
modifying, searching). If you're a perl person, you may want to try that.
I'm still working on some possible bugs, but it's going well.


-- Sean...
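
Added example, not part of the original message: a simplified Python model of how Linux-PAM handles the required, requisite, sufficient and optional control flags, run over the auth lines of the /etc/pam.d/login posted above. The module outcomes and the reordered stack are constructed assumptions for illustration.

```python
# Simplified model of Linux-PAM control-flag handling (added example).
# Module arguments such as use_first_pass are ignored, and "optional"
# is treated as never affecting the result.

def evaluate(stack, outcome):
    """stack: list of (control, module); outcome: module -> True if it
    would return PAM_SUCCESS. Returns (granted, modules_called)."""
    failed = False      # a required module has failed
    succeeded = False   # a required module has succeeded
    called = []
    for control, module in stack:
        ok = outcome[module]
        called.append(module)
        if control == "requisite" and not ok:
            return False, called          # fail immediately
        if control in ("required", "requisite"):
            succeeded = succeeded or ok
            failed = failed or not ok     # keep going, fail at the end
        elif control == "sufficient" and ok and not failed:
            return True, called           # stop here, skip the rest
        # a failed "sufficient" module is ignored
    return succeeded and not failed, called

# auth lines from the /etc/pam.d/login in the message above
PAGE_AUTH = [
    ("sufficient", "pam_ldap"),
    ("required", "pam_securetty"),
    ("required", "pam_pwdb"),
    ("required", "pam_nologin"),
]

# Constructed alternative ordering (an assumption, not from the message):
# the tty and nologin checks run before pam_ldap can end the stack.
REORDERED_AUTH = [
    ("required", "pam_securetty"),
    ("required", "pam_nologin"),
    ("sufficient", "pam_ldap"),
    ("required", "pam_pwdb"),
]

if __name__ == "__main__":
    # Constructed outcomes: LDAP bind succeeds, /etc/nologin exists,
    # and the user has no local passwd entry.
    ldap_user = {"pam_ldap": True, "pam_securetty": True,
                 "pam_pwdb": False, "pam_nologin": False}
    for name, stack in (("posted", PAGE_AUTH), ("reordered", REORDERED_AUTH)):
        print(name, evaluate(stack, ldap_user))
```

With the posted ordering, a successful pam_ldap ends the auth stack before pam_securetty and pam_nologin are consulted; in the reordered stack a failed pam_nologin still denies the login.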