[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
2nd: re: AW: Authentication problem.
To further my understanding from the answer to the ldap authentication problem, which may have been related to an issue I had on Redhat a while back:
RE:
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
This allows the user to be authorized in this layer of Pam if he exists in Ldap OR /etc/shadow (/etc/passwd). AND if I was to change these to required, you would have to exist in BOTH of them correct?
> Yes, this is because of:
auth sufficient /lib/security/pam_unix.so likeauth nullok
What mechanism holds this up? Do you mean e.g.:
login: root
or su root won't allow you to login as root with out the pam_unix.so module in the stack?
This line allows local users. But without this line, you aren?t allowed
to login as "root" anymore. <
re:
Yes, this is because of:
auth sufficient /lib/security/pam_unix.so likeauth nullok
This line allows local users. But without this line, you aren?t allowed
to login as "root" anymore.
To disable some local users, you could use the pam_listfile module:
auth required /lib/security/pam_env.so
auth required /lib/security/pam_listfile.so item=user
onerr=fail\
sense=deny file=/etc/invalidusers
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
Juergen
-----Ursprüngliche Nachricht-----
Von: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] Im Auftrag von
alexlam@msolutions.com.hk
Gesendet: Montag, 19. August 2002 08:16
An: openldap-software@OpenLDAP.org
Betreff: Authentication problem.
Hi,
My questiong may be a little bit off topic. But, I hope I can get some
help or hints to solve my problem.
I am trying to setup Redhat 7.3 to authenticate against Openldap 2.1.3.
I use the "authconfig" shipped with Redhat 7.3 to setup the system.
It authenticate my ldap accounts in Redhat 7.3 correctly.
However, when I tried to authenticate with the system account. It
authenticated too.
Is it normal?
"authconfig" has generated the following "system-auth" file in
/etc/pam.d.
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account [default=bad success=ok user_unknown=ignore
service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so
Do I need to change the above file to make it authenticating with
Openldap only?
Thanks,