Re: pam_ldap: What if LDAP server not reachable?
Yes, I still don't know why Redhat keeps running with this config?
I added "account sufficient /lib/security/pam_localuser.so" in system-auth
and it works fine:
$ cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account sufficient /lib/security/pam_localuser.so
account [default=bad success=ok service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so
Notice I also removed user_unknown=ignore in account pam_ldap to enable
pam_filters in /etc/ldap.conf!
Johnny Morano wrote:
Howdy...
I'm playing a bit with PAM (for the first time) and after 3 days now,
/me is going bananas, seriously...
My problem: I use pam_ldap to authenticate users against an LDAP server.
This nice redhat 8.0 installation f**** up my network settings if I
specify module options in /etc/modules.conf. This is the least of my
probs. BUT, if my network doesn't get enabled, I'm also not able to
reach the LDAP server. You would think: 'but you can still login as
root, right?'... wrong. I can't login as root, which makes me boot in
single user mode, enable all the network stuff manually and login as
root. You know, once all the network stuff is enabled and working, I
have no problems logging in as root (which is a local account), but if
the network is down, /me == :(
Does anybody know a solution?
tia,
johnny -bananas- morano
this is my (the default redhat) pam config file:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so
--
Jehan Procaccia | Ingenieur Systemes & Reseaux
Institut National des Telecommunications| Tel : +33 (0) 160764436
MCI, Moyens Communs Informatiques | Mail: Jehan.Procaccia@int-evry.fr
9 rue Charles Fourier 91011 Evry France | Fax : +33 (0) 160764321
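
Added example (not part of the original thread, and not Red Hat's or pam_ldap's own code): a small Python model of how Linux-PAM walks a stack, run over the two account stacks quoted above, to show why a local root login is refused when LDAP is down and why the pam_localuser line changes that. The names parse, evaluate, DEFAULT, FIXED and ROOT_LDAP_DOWN are introduced here, and the return code used for an unreachable server (authinfo_unavail) is an assumption.

```python
import re

# Bracket equivalents of the keyword controls, as documented in pam.conf(5).
CONTROLS = {
    "required":   {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional":   {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}

def parse(text, mgmt="account"):
    """Return [(actions, module)] for one management group (jump counts not modelled)."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s+(\[[^\]]*\]|\w+)\s+(\S+)", line)
        if m and m.group(1) == mgmt:
            ctl = m.group(2)
            actions = dict(kv.split("=") for kv in ctl[1:-1].split()) if ctl[0] == "[" else CONTROLS[ctl]
            rules.append((actions, m.group(3).rsplit("/", 1)[-1]))
    return rules

def evaluate(rules, returns):
    """Walk the stack; `returns` maps module -> simulated return code (no PAM_ prefix)."""
    impression, status = None, "success"
    for actions, module in rules:
        ret = returns[module]
        action = actions.get(ret, actions["default"])
        if action in ("ok", "done"):
            if impression is None or (impression == "pos" and status == "success"):
                impression, status = "pos", ret
            if action == "done" and impression == "pos":
                break                      # sufficient success ends the stack here
        elif action in ("bad", "die"):
            if impression != "neg":
                impression, status = "neg", ret   # first failure decides the result
            if action == "die":
                break
    return status if impression else "perm_denied"   # only ignores: stack fails

UNIX = "account required /lib/security/pam_unix.so\n"
DEFAULT = UNIX + ("account [default=bad success=ok user_unknown=ignore service_err=ignore "
                  "system_err=ignore] /lib/security/pam_ldap.so")
FIXED = UNIX + ("account sufficient /lib/security/pam_localuser.so\n"
                "account [default=bad success=ok service_err=ignore system_err=ignore] "
                "/lib/security/pam_ldap.so")
# Constructed scenario: root (local account) logs in while the LDAP server is unreachable.
# Assumption: pam_ldap returns authinfo_unavail then, which no ignore entry covers.
ROOT_LDAP_DOWN = {"pam_unix.so": "success", "pam_localuser.so": "success",
                  "pam_ldap.so": "authinfo_unavail"}
```

evaluate(parse(DEFAULT), ROOT_LDAP_DOWN) ends in authinfo_unavail (login refused), while the FIXED stack stops at pam_localuser with success and never consults pam_ldap.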