
LDAP & PAM & Solaris 7



This is probably (hopefully) a stupid question, and
hopefully easy to answer.

I am trying to get LDAP authentication working on Solaris 7.
It works fine on Linux. I had this exact same problem on
Linux yesterday, and kept playing with it and eventually got
it working by finding a working config. Solaris seems harder
to configure.

The problem is:
If a local user does not exist, PAM doesn't try to authenticate
via LDAP. I have confirmed this with debug logs of openldap.

If I add the user to the local system it works. E.g.
I add a local user, with no password; when I log in
as this user it allows me in, the LDAP server shows a
lot of activity and I get a bunch of environment variables
set from PAM: "debug1: PAM establishing creds"

So it sounds to me like a PAM configuration issue. I've
been pulling my hair out for almost 2 hours on this and
haven't gotten very far. I have visited dozens of websites
and searched archives but haven't found any help.

So if someone has this working can you send me a copy
of your PAM config?

Specifically, I am trying with OpenSSH. If you need
more info about what software I'm using I can
provide it, but I think since I've narrowed it down
to a configuration issue in pam.conf it may not
be needed? I'm just so sleepy.

Here is my pam.conf (I've tried dozens of configs, this
is the most recent):

#ident  "@(#)pam.conf 1.19     95/11/30 SMI"
#
# PAM configuration
#
# Authentication management
#
login   auth sufficient   /usr/lib/security/pam_ldap.so.1
login   auth required   /usr/lib/security/pam_unix.so.1 try_first_pass
login   auth required   /usr/lib/security/pam_dial_auth.so.1
#
rlogin  auth sufficient /usr/lib/security/pam_rhosts_auth.so.1
rlogin  auth required   /usr/lib/security/pam_unix.so.1
#
dtlogin auth required   /usr/lib/security/pam_unix.so.1
#
rsh     auth required   /usr/lib/security/pam_rhosts_auth.so.1
other   auth sufficient   /usr/lib/security/pam_ldap.so.1
other   auth required   /usr/lib/security/pam_unix.so.1 try_first_pass
#
# Account management
#
login   account sufficient        /usr/lib/security/pam_ldap.so.1
login   account required        /usr/lib/security/pam_unix.so.1 try_first_pass
dtlogin account required        /usr/lib/security/pam_unix.so.1
#
other   account sufficient      /usr/lib/security/pam_ldap.so.1
other   account required        /usr/lib/security/pam_unix.so.1 try_first_pass
#
# Session management
#
other   session sufficient      /usr/lib/security/pam_ldap.so.1
other   session required        /usr/lib/security/pam_unix.so.1 try_first_pass
#
# Password management
#
other   password required       /usr/lib/security/pam_ldap.so.1
other   password required       /usr/lib/security/pam_unix.so.1 try_first_pass
httpd   auth sufficient /usr/lib/security/pam_unix.so.1

kde     auth required   /usr/lib/security/pam_unix.so.1
kde     auth required   /usr/lib/security/pam_dial_auth.so.1
kde     account required        /usr/lib/security/pam_unix.so.1
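
Added example, not part of the original post: a small Python parser for the pam.conf format shown above that lists which module stack PAM consults for a given service and module type, falling back to the `other` entries when the service has none of its own. The service name `sshd` is an assumption about how OpenSSH registers with PAM, and the sample is an excerpt of the posted file.

```python
# Added example: resolve the effective pam.conf stack for a service.
# pam.conf fields: service  module_type  control_flag  module_path  [options]
from collections import namedtuple

Entry = namedtuple("Entry", "service module_type control module options")

# Excerpt of the pam.conf from the post (auth and account lines only).
SAMPLE = """\
#ident  "@(#)pam.conf 1.19     95/11/30 SMI"
login   auth sufficient   /usr/lib/security/pam_ldap.so.1
login   auth required   /usr/lib/security/pam_unix.so.1 try_first_pass
login   auth required   /usr/lib/security/pam_dial_auth.so.1
other   auth sufficient   /usr/lib/security/pam_ldap.so.1
other   auth required   /usr/lib/security/pam_unix.so.1 try_first_pass
login   account sufficient        /usr/lib/security/pam_ldap.so.1
login   account required        /usr/lib/security/pam_unix.so.1 try_first_pass
other   account sufficient      /usr/lib/security/pam_ldap.so.1
other   account required        /usr/lib/security/pam_unix.so.1 try_first_pass
"""

def parse_pam_conf(text):
    """Return Entry tuples in file order; comments and blank lines are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            # A wrapped or truncated line would otherwise be silently misread.
            raise ValueError(f"line {lineno}: expected at least 4 fields: {raw!r}")
        entries.append(Entry(fields[0], fields[1], fields[2], fields[3], tuple(fields[4:])))
    return entries

def effective_stack(entries, service, module_type):
    """Entries for service/module_type, or the 'other' entries if it has none."""
    own = [e for e in entries if e.service == service and e.module_type == module_type]
    if own:
        return own
    return [e for e in entries if e.service == "other" and e.module_type == module_type]

def describe(entries, service, module_type):
    """Human-readable 'control module' list for the effective stack."""
    stack = effective_stack(entries, service, module_type)
    return [f"{e.control} {e.module.rsplit('/', 1)[-1]}" for e in stack]

if __name__ == "__main__":
    parsed = parse_pam_conf(SAMPLE)
    for svc in ("login", "sshd"):  # "sshd" is an assumed service name
        print(svc, "auth:", describe(parsed, svc, "auth"))
```

Running it against the full file shows whether a service is matched by its own lines or by `other`, which is the first thing to confirm when a module never appears to be called.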