Re: Authentication Modules / System-Auth
Wrong list for PAM problems. But your bug is documented here:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=55193
There are two different fixes described; I've used both and they both work. I
don't know why Nalin never fixed it in the Red Hat errata, since it's clearly a
bug in Red Hat's authconfig tool (which writes the PAM and NSS config files).
Further discussion of this problem belongs on another list. Probably the Red
Hat bug list, where it ought to be mentioned as frequently as possible.
--Charlie
On 20 Jan 2004 at 15:32, Michael Lackner wrote:
>
> It seems as if my OpenLDAP server is now up and running; I can
> authenticate users against the LDAP server. However, as soon as
> I deactivate the LDAP server (OpenLDAP 2.0.27-8), I cannot log in,
> not even with users that are stored in the common Linux files. I
> have been told / I have read that this is a common problem with
> PAM, frequently discussed here.
>
> I'm currently using some older packages that can be found as RPMs
> on the RH9 CDs; the server is set up with RH9 in that case, of course.
> --
> OpenLDAP 2.0.27-8
> pam-0.75-48
> openssl-0.9.7c-3 (installed for gq)
> gq-0.7.0.0.beta2.6
> --
>
> I logged in as root, shut down the LDAP server, then logged out
> and tried to log in again. I also tried to log in as an LDAP-only
> stored user to see how this would show up in the syslog. Here
> it is (the LDAP-only user is "testuser"):
>
> /var/log/messages:
> ------------------------------
> login(pam_unix)[3409]: session opened for user root by LOGIN(uid=0)
> -- root[3409]: ROOT LOGIN ON tty1
> ldap: slapd shutdown succeeded
> login(pam_unix)[3409]: session closed for user root
> login(pam_unix)[3498]: check pass; user unknown
> login(pam_unix)[3498]: authentication failure; logname= uid=0 euid=0
> tty=tty1 ruser= rhost=
> login(pam_unix)[3498]: could not identify user (from getpwnam(testuser))
> login[3498]: pam_ldap: ldap_simple_bind Can't contact LDAP server
> ------------------------------
>
> /etc/pam.d/system-auth (generated by RH9 authconfig with ldap enabled)
> ------------------------------
> auth required /lib/security/$ISA/pam_env.so
> auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
> auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
> auth required /lib/security/$ISA/pam_deny.so
>
> account required /lib/security/$ISA/pam_unix.so
> account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
>
> password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
> password sufficient /lib/security/$ISA/pam_unix.so nullok use_authok md5 shadow
> password sufficient /lib/security/$ISA/pam_ldap.so use_authok
> password required /lib/security/$ISA/pam_deny.so
>
> session required /lib/security/$ISA/pam_limits.so
> session required /lib/security/$ISA/pam_unix.so
> session required /lib/security/$ISA/pam_ldap.so
> ------------------------------
>
> /etc/pam.d/login:
> ------------------------------
> auth required pam_securetty.so
> auth sufficient pam_stack.so service=system-auth
> auth required pam_nologin.so
> account required pam_stack.so service=system-auth
> password required pam_stack.so service=system-auth
> session required pam_stack.so service=system-auth
> session optional pam_console.so
> ------------------------------
>
> If you need more information, please let me know.
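
Added example (not part of either message, and not code from Red Hat or the bug report): a simplified model of Linux-PAM control evaluation run over the account lines quoted above, showing which pam_ldap result codes the bracketed control tolerates for a valid local account. That pam_ldap answers PAM_AUTHINFO_UNAVAIL when slapd is unreachable is an assumption, and the `VARIANT` stack is constructed for comparison.

```python
import os
import re

# Default action tables for the simple control keywords (Linux-PAM semantics).
SIMPLE = {
    "required": {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
}
# The account lines quoted in the message above.
POSTED = """
account required /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
"""
# Constructed variant (an assumption, not taken from the page or the bug report).
VARIANT = POSTED.replace("[default=bad", "[default=bad authinfo_unavail=ignore")

def parse_stack(text, group):
    """Return [(actions, module_name)] for one management group (auth, account, ...)."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"\s*(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)", line)
        if m and m.group(1) == group:
            control = m.group(2)
            actions = (dict(p.split("=", 1) for p in control[1:-1].split())
                       if control.startswith("[") else SIMPLE[control])
            entries.append((actions, os.path.basename(m.group(3))))
    return entries

def evaluate(entries, results):
    """Run the stack; results maps module name -> PAM return code name."""
    status = None  # None until some module's result counts
    for actions, module in entries:
        rc = results[module]
        action = actions.get(rc, actions["default"])
        if action in ("ok", "done") and status in (None, "success"):
            status = "success"
            if action == "done":  # stop here; later modules are not consulted
                return status
        elif action in ("bad", "die"):
            if status in (None, "success"):  # the first failure is the one reported
                status = rc
            if action == "die":
                return status
    return status or "perm_denied"  # a stack where nothing counted still fails

def account_verdict(stack_text, ldap_rc):
    """Verdict for a valid local account when pam_ldap returns ldap_rc."""
    return evaluate(parse_stack(stack_text, "account"),
                    {"pam_unix.so": "success", "pam_ldap.so": ldap_rc})
```

`account_verdict(POSTED, "authinfo_unavail")` fails with `authinfo_unavail` because that code is not listed and falls through to `default=bad`, while the three listed error codes are ignored. Real libpam has more return codes and actions than this model covers.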