Re: RH61 pam_ldap
On Wed, 12 Jan 2000, Purwanto wrote:
> I just try pam_ldap as auth method on Redhat61.
> Only user that I migrate from /etc/passwd can login.
> I try to add new user on ldap using ldap_add and web500gw, but did not
> work (back to login prompt after typing passwd).
>
> /var/log/messages when login as user that I create on ldap server
>
> Jan 12 14:29:48 sipoer2 PAM_unix[10980]: (login) session opened for user
> purwanto by LOGIN(uid=0)
>
> /var/log/messages when login as unknown user
>
> Jan 12 14:30:17 slack2 PAM_unix[11008]: check pass; user unknown
> Jan 12 14:30:17 slack2 PAM_unix[11008]: authentication failure;
> LOGIN(uid=0) -> pur for login service
> Jan 12 14:30:19 slack2 login[11008]: FAILED LOGIN 1 FROM (null) FOR pur,
> Authentication service cannot retrieve authentication info.
What does your login file look like in /etc/pam.d?
This is what I have for /etc/pam.d/login:
#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_pwdb.so shadow nullok use_first_pass
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_pwdb.so
password sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so nullok use_authtok md5 shadow
session sufficient /lib/security/pam_ldap.so
session required /lib/security/pam_pwdb.so
session optional /lib/security/pam_console.so
If I recall, I had a problem with trying to login and it'd drop me right
back to the login prompt. I think it has to do with the order in the pam.d
files and whether you're using sufficient or required access. But I'm new
to this whole pam thing. =)
> Is there any user management for ldap?
I haven't found any, so I've been writing programs in perl, primarily an X
interface in Perl/Tk, to help with user administration (adding, deleting,
modifying, searching). If you're a perl person, you may want to try that.
I'm still working on some possible bugs, but it's going well.
-- Sean...
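
Added example, not part of the original message or of pam_ldap: a simplified model of how Linux-PAM walks a stack, run over the auth and password lines of the /etc/pam.d/login posted above, to show which modules still run once a "sufficient" line succeeds. The parse and evaluate helpers and the failure scenarios are constructed for illustration.

```python
# Added example: simplified model of Linux-PAM control flags (assumption: only
# required, requisite, sufficient and optional; no [value=action] syntax).
LOGIN_PAM = """\
#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_pwdb.so shadow nullok use_first_pass
auth required /lib/security/pam_nologin.so
password sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so nullok use_authtok md5 shadow
"""  # auth and password stacks copied from the message above

def parse(text):
    """Return {module_type: [(control, module_name), ...]} in file order."""
    stacks = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            mtype, control, path = line.split()[:3]
            stacks.setdefault(mtype, []).append((control, path.rsplit("/", 1)[-1]))
    return stacks

def evaluate(stack, failing=()):
    """Walk one stack; modules named in `failing` fail, all others succeed.
    Returns (granted, modules_that_ran)."""
    failed = positive = False
    ran = []
    for control, module in stack:
        ran.append(module)
        success = module not in failing
        if control == "sufficient":
            if success and not failed:
                return True, ran      # stack ends here, later lines are skipped
        elif success:
            positive = True           # required/requisite/optional success
        elif control == "requisite":
            return False, ran         # immediate failure
        elif control == "required":
            failed = True             # remembered, but the stack keeps running
    return positive and not failed, ran

if __name__ == "__main__":
    stacks = parse(LOGIN_PAM)
    # Constructed scenarios: which modules are assumed to fail for each login.
    cases = {"LDAP user, /etc/nologin present": {"pam_nologin.so"},
             "local user, /etc/nologin present": {"pam_ldap.so", "pam_nologin.so"},
             "local user, normal login": {"pam_ldap.so"}}
    for label, failing in cases.items():
        granted, ran = evaluate(stacks["auth"], failing)
        print(f"{label}: granted={granted} ran={ran}")
```

In this model a successful pam_ldap.so line ends the auth stack before pam_securetty.so and pam_nologin.so are consulted, and ends the password stack before pam_cracklib.so. Listing those checks as required above the sufficient line keeps them in effect for LDAP accounts too.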