Re: [pamldap] Solaris - pam_check_host_attr and local logins
I did not get any help. I have not found an answer yet. Anyone have an
idea what I need to do?
I have attached my pam.conf file.
--Ezsra
On Tue, 2004-03-02 at 14:18, Ezsra McDonald wrote:
> Greetings,
>
> My requirements just got more complex. We have some
> local accounts for batch processing that do remote
> shells to this box for different tasks. I do not want
> these users to be in LDAP. I also want to use the
> pam_check_host_attr for non-local user access
> restrictions.
>
> The way I have it now an LDAP user may login but not a
> local user. This is because of the requirement to make
> the pam_check_host_attr feature work.
>
> I want my pie and to eat it too.
>
> I am on Solaris 8, so I use the /etc/pam.conf file. I
> have attached this file for your review.
>
> Has anyone else done this on Solaris?
>
> I found a reference to a possible solution but it only
> seems to work on Redhat:
>
> http://www.netsys.com/pamldap/2003/06/msg00008.html
>
> Does anyone know of a similar option for solaris? My
> solaris box complains when I try this example.
>
> I have the following compiled and installed
>
> openldap-2.1.25
> pam_ldap-167
> nss_ldap-215
>
> Your assistance is appreciated,
>
> --Ezsra
>
#ident $Id: pam.conf,v 1.5 2003/11/26 08:26:35 hyc Exp $
#
# PAM configuration for LDAP is sufficient, otherwise UNIX
# mandatory authentication policy.
#
#
# Authentication management
#
login auth sufficient /usr/lib/security/pam_ldap.so.1
login auth required /usr/lib/security/pam_unix.so.1 use_first_pass
login auth required /usr/lib/security/pam_dial_auth.so.1
telnet auth sufficient /usr/lib/security/pam_ldap.so.1
telnet auth required /usr/lib/security/pam_unix.so.1 use_first_pass
rlogin auth sufficient /usr/lib/security/pam_rhosts_auth.so.1
rlogin auth sufficient /usr/lib/security/pam_ldap.so.1
rlogin auth required /usr/lib/security/pam_unix.so.1 use_first_pass
dtlogin auth sufficient /usr/lib/security/pam_ldap.so.1
dtlogin auth required /usr/lib/security/pam_unix.so.1 use_first_pass
rsh auth required /usr/lib/security/pam_rhosts_auth.so.1
other auth sufficient /usr/lib/security/pam_ldap.so.1
other auth required /usr/lib/security/pam_unix.so.1 use_first_pass
#
# Account management
#
login account sufficient /usr/lib/security/pam_ldap.so.1
login account required /usr/lib/security/pam_unix.so.1
dtlogin account sufficient /usr/lib/security/pam_ldap.so.1
dtlogin account required /usr/lib/security/pam_unix.so.1
other account required /usr/lib/security/pam_ldap.so.1
other account sufficient /usr/lib/security/pam_unix.so.1
#
# Session management, not implemented by pam_ldap
#
other session required /usr/lib/security/pam_unix.so.1
#
# Password management
#
#other password required /usr/lib/security/pam_unix.so.1
other password required /usr/lib/security/pam_ldap.so
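
Added example, not part of the original post or of pam_ldap: a small Python model of how the account stacks in the pam.conf above are evaluated for a service such as rsh, which has no account entry of its own. The module outcomes passed in (pam_ldap failing for a user with no LDAP entry, pam_unix succeeding for a local user) are assumptions, as are the names parse, evaluate, LOCAL_BATCH and LDAP_ALLOWED.

```python
# Account lines copied from the posted pam.conf (excerpt embedded for an offline run).
PAM_CONF = """\
login   account sufficient /usr/lib/security/pam_ldap.so.1
login   account required   /usr/lib/security/pam_unix.so.1
other   account required   /usr/lib/security/pam_ldap.so.1
other   account sufficient /usr/lib/security/pam_unix.so.1
"""

def parse(conf):
    """Return {(service, type): [(control, module), ...]} in file order."""
    stacks = {}
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank line, comment, or malformed entry
        service, mtype, control, path = fields[:4]
        module = path.rsplit("/", 1)[-1].split(".so")[0]  # pam_ldap.so.1 -> pam_ldap
        stacks.setdefault((service, mtype), []).append((control, module))
    return stacks

def evaluate(stacks, service, mtype, outcomes):
    """Walk the stack with the classic control-flag rules.
    outcomes maps module name -> True/False and is an assumed input,
    not something read from a real system."""
    # A service with no entry of this type falls back to "other".
    stack = stacks.get((service, mtype)) or stacks.get(("other", mtype), [])
    failed = passed = False
    for control, module in stack:
        if outcomes[module]:
            if control == "sufficient" and not failed:
                return True      # success here ends the stack early
            passed = True
        elif control == "requisite":
            return False         # failure here ends the stack early
        elif control == "required":
            failed = True        # remembered; later modules still run
        # a failing sufficient/optional module is ignored
    return passed and not failed

STACKS = parse(PAM_CONF)
# Assumed outcomes: pam_ldap fails for a user with no LDAP entry (or a host
# attribute mismatch); pam_unix succeeds for a user it can resolve.
LOCAL_BATCH = {"pam_ldap": False, "pam_unix": True}
LDAP_ALLOWED = {"pam_ldap": True, "pam_unix": False}

if __name__ == "__main__":
    for svc in ("rsh", "login"):
        for name, out in (("local", LOCAL_BATCH), ("ldap", LDAP_ALLOWED)):
            print(svc, name, evaluate(STACKS, svc, "account", out))
```

In this model the login stack admits the local account because pam_ldap is only sufficient there, which also means a pam_ldap denial is not binding on that service.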