[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: How to change the login look up order with LDAP?
søn, 2003-02-02 kl. 20:08 skrev Shi Jin:
> I think my problem is in the /etc/pam.d
> My /etc/pam.d/login looks like this:
> [seki@k62 pam.d]$ cat login
> #%PAM-1.0
> auth required /lib/security/pam_securetty.so
> auth required /lib/security/pam_stack.so
> service=system-auth
> auth required /lib/security/pam_nologin.so
> account required /lib/security/pam_stack.so
> service=system-auth
> password required /lib/security/pam_stack.so
> service=system-auth
> session required /lib/security/pam_stack.so
> service=system-auth
> session optional /lib/security/pam_console.so
>
>
> Is there anything wrong with it?
Yes. First, make sure you (somehow or another, you state neither your
OS, distro nor nss_lap version, if any) have PADL's nss_ldap and
pam_ldap packages installed. It doesn't look as if you have. When you
have, a *lot* in /etc/pam.d should have different contents to what you
have now.
Here's my /etc/pam.d/login, for example (but *most* common utility files
are also similarly different). It's taken directly from the PADL
examples:
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so try_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_ldap.so
password required /lib/security/pam_pwdb.so use_first_pass
session required /lib/security/pam_unix_session.so
#session optional /lib/security/pam_console.so
Best,
Tony
--
Tony Earnshaw
When all's said and done ...
there's nothing left to say or do.
e-post: tonni@billy.demon.nl
www: http://www.billy.demon.nl