login problem
Hi,

Can someone please tell me how to configure login on the FreeBSD-5.1-RELEASE box to use ldap authentication (using SASL/GSSAPI), pam_krb5, pam_ldap and nss_ldap modules respectively. I have successfully configured openldap21-2.1.20_1 with heimdal-0.5.1. I can execute ldapsearch, ldapadd etc. using the SASL/GSSAPI mechanism without any problems at all on the local box. In /usr/local/etc/openldap/slapd.conf I've added the following extra stuff:

require SASL
sasl-realm MYDOMAIN.COM
sasl-host sanjay.mydomain.com
sasl-secprop noplain,noanonymous,minssf=56
sasl-regex
  uid=(.*),cn=MYDOMAIN.COM,cn=gssapi,cn=auth
  uid=$1,ou=People,dc=mydomain,dc=com

The pam_krb5, nss_ldap, pam_ldap modules are working fine since login is working fine with anonymous LDAP bind. But everything stops when I disable anonymous bind.

My /etc/pam.d/login file is as follows:

auth    required  pam_nologin.so    no_warn
auth    sufficient  pam_self.so   no_warn
auth    sufficient  pam_opie.so   no_warn no_fake_prompts
auth    requisite pam_opieaccess.so no_warn allow_local
auth    sufficient  pam_krb5.so   no_warn try_first_pass
auth    sufficient  /usr/local/lib/pam_ldap.so no_warn try_first_pass
auth    required  pam_unix.so   no_warn try_first_pass nullok

# account
account   required  pam_krb5.so
account   sufficient /usr/local/lib/pam_ldap.so
account   required  pam_login_access.so
account   required  pam_securetty.so
account   required  pam_unix.so

# session
#session  optional  pam_ssh.so
session   required  pam_lastlog.so    no_fail

# password
password  sufficient  pam_krb5.so   no_warn try_first_pass
password   sufficient /usr/local/lib/pam_ldap.so
password  required  pam_unix.so   no_warn try_first_pass

Any help will be greatly appreciated.

Thanks in advance,
Sanjay
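The following is an added example, not code from the post or from FreeBSD: it models the classic PAM control-flag semantics (required, requisite, sufficient, optional) over the auth stack quoted above, so the reader can see which single module success is enough for a login and why the whole stack ends in failure once pam_krb5, pam_ldap and pam_unix each report failure. The module outcomes fed in are constructed scenarios; it assumes the usual behaviour that a module fails when the user cannot be resolved through NSS.

```python
"""Evaluate a PAM 'auth' stack with the classic control-flag semantics.

Added example (not part of the original post). Module results are
constructed scenarios, not output captured from a real PAM run.
"""
from typing import Dict, List, Tuple

# Constructed copy of the auth lines from the post's /etc/pam.d/login.
LOGIN_AUTH_STACK = """\
auth    required  pam_nologin.so    no_warn
auth    sufficient  pam_self.so   no_warn
auth    sufficient  pam_opie.so   no_warn no_fake_prompts
auth    requisite pam_opieaccess.so no_warn allow_local
auth    sufficient  pam_krb5.so   no_warn try_first_pass
auth    sufficient  /usr/local/lib/pam_ldap.so no_warn try_first_pass
auth    required  pam_unix.so   no_warn try_first_pass nullok
"""


def parse_stack(text: str, facility: str = "auth") -> List[Tuple[str, str]]:
    """Return [(control, module basename)] for one facility; comments are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#") or fields[0] != facility:
            continue
        control, module = fields[1], fields[2].rsplit("/", 1)[-1]
        entries.append((control, module))
    return entries


def evaluate(stack: List[Tuple[str, str]], results: Dict[str, bool]) -> bool:
    """Walk the stack top to bottom and return the overall auth verdict.

    results maps module name -> True (success) / False (failure). A module not
    listed is treated as failing, e.g. because the user is unknown to it.
    """
    required_failed = False
    for control, module in stack:
        ok = results.get(module, False)
        if control == "required" and not ok:
            required_failed = True      # remember, but keep running the stack
        elif control == "requisite" and not ok:
            return False                # abort immediately
        elif control == "sufficient" and ok and not required_failed:
            return True                 # short-circuit success
        # 'optional', or a failed 'sufficient', does not change the verdict
    return not required_failed


if __name__ == "__main__":
    stack = parse_stack(LOGIN_AUTH_STACK)
    base = {"pam_nologin.so": True, "pam_opieaccess.so": True}
    print("krb5 ok   ->", evaluate(stack, {**base, "pam_krb5.so": True}))   # True
    print("all fail  ->", evaluate(stack, base))                            # False
```

Feeding in a scenario where only pam_ldap succeeds, or only pam_unix, also yields success, which is the property worth checking before and after changing the LDAP bind policy.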

