[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to change the login look up order with LDAP?



søn, 2003-02-02 kl. 20:08 skrev Shi Jin:

> I think my problem is in the /etc/pam.d
> My /etc/pam.d/login looks like this:
> [seki@k62 pam.d]$ cat login
> #%PAM-1.0
> auth       required     /lib/security/pam_securetty.so
> auth       required     /lib/security/pam_stack.so
> service=system-auth
> auth       required     /lib/security/pam_nologin.so
> account    required     /lib/security/pam_stack.so
> service=system-auth
> password   required     /lib/security/pam_stack.so
> service=system-auth
> session    required     /lib/security/pam_stack.so
> service=system-auth
> session    optional     /lib/security/pam_console.so
> 
> 
> Is there anything wrong with it?

Yes. First, make sure you (somehow or another, you state neither your
OS, distro nor nss_lap version, if any) have PADL's nss_ldap and
pam_ldap packages installed. It doesn't look as if you have. When you
have, a *lot* in /etc/pam.d should have different contents to what you
have now.

Here's my /etc/pam.d/login, for example (but *most* common utility files
are also similarly different). It's taken directly from the PADL
examples:

#%PAM-1.0
auth       required	/lib/security/pam_securetty.so
auth       required     /lib/security/pam_nologin.so
auth       sufficient	/lib/security/pam_ldap.so
auth       required	/lib/security/pam_unix_auth.so try_first_pass
account    sufficient	/lib/security/pam_ldap.so
account    required	/lib/security/pam_unix_acct.so
password   required	/lib/security/pam_cracklib.so
password   required	/lib/security/pam_ldap.so
password   required     /lib/security/pam_pwdb.so use_first_pass
session    required	/lib/security/pam_unix_session.so
#session    optional     /lib/security/pam_console.so

Best,

Tony

-- 

Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl