
Re: [pamldap] Solaris - pam_check_host_attr and local logins



I did not get any help. I have not found an answer yet. Anyone have an
idea what I need to do?

I have attached my pam.conf file.

--Ezsra

On Tue, 2004-03-02 at 14:18, Ezsra McDonald wrote:
> Greetings,
> 
> My requirements just got more complex. We have some
> local accounts for batch processing that do remote
> shells to this box for different tasks. I do not want
> these users to be in LDAP. I also want to use the
> pam_check_host_attr for non-local user access
> restrictions.  
> 
> The way I have it now an LDAP user may login but not a
> local user. This is because of the requirement to make
> the pam_check_host_attr feature work. 
> 
> I want my pie and to eat it too.
> 
> I am on Solaris 8, so I use the /etc/pam.conf file. I
> have attached this file for your review.
> 
> Has anyone else done this on Solaris?
> 
> I found a reference to a possible solution but it only
> seems to work on Redhat:
> 
> http://www.netsys.com/pamldap/2003/06/msg00008.html
> 
> Does anyone know of a similar option for Solaris? My
> Solaris box complains when I try this example.
> 
> I have the following compiled and installed
> 
> openldap-2.1.25
> pam_ldap-167
> nss_ldap-215
> 
> Your assistance is appreciated,
> 
> --Ezsra
> 
#ident $Id: pam.conf,v 1.5 2003/11/26 08:26:35 hyc Exp $
#
# PAM configuration for LDAP is sufficient, otherwise UNIX
# mandatory authentication policy.
#

#
# Authentication management
#
login   auth sufficient /usr/lib/security/pam_ldap.so.1 
login   auth required   /usr/lib/security/pam_unix.so.1 use_first_pass
login   auth required   /usr/lib/security/pam_dial_auth.so.1 

telnet  auth sufficient /usr/lib/security/pam_ldap.so.1 
telnet  auth required   /usr/lib/security/pam_unix.so.1 use_first_pass

rlogin  auth sufficient /usr/lib/security/pam_rhosts_auth.so.1
rlogin  auth sufficient /usr/lib/security/pam_ldap.so.1
rlogin  auth required   /usr/lib/security/pam_unix.so.1 use_first_pass

dtlogin auth sufficient /usr/lib/security/pam_ldap.so.1 
dtlogin auth required   /usr/lib/security/pam_unix.so.1 use_first_pass

rsh     auth required   /usr/lib/security/pam_rhosts_auth.so.1

other   auth sufficient /usr/lib/security/pam_ldap.so.1
other   auth required   /usr/lib/security/pam_unix.so.1 use_first_pass

#
# Account management
#
login   account sufficient /usr/lib/security/pam_ldap.so.1 
login   account required /usr/lib/security/pam_unix.so.1 

dtlogin account sufficient /usr/lib/security/pam_ldap.so.1 
dtlogin account required /usr/lib/security/pam_unix.so.1 

other   account required /usr/lib/security/pam_ldap.so.1
other   account sufficient /usr/lib/security/pam_unix.so.1 

#
# Session management, not implemented by pam_ldap
#
other   session required /usr/lib/security/pam_unix.so.1 

#
# Password management
#
#other  password required /usr/lib/security/pam_unix.so.1 
other   password required /usr/lib/security/pam_ldap.so
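
How the account stacks in the attached pam.conf resolve for a local and an LDAP account, shown as an added example that is not part of the original post or of pam_ldap: a small evaluator for the classic PAM control flags. It assumes pam_ldap's account check fails for a user with no LDAP entry; the names parse, evaluate, LOCAL_USER and LDAP_USER are illustrative.

```python
# Added example: evaluate a Solaris pam.conf stack with the classic control flags.
# Constructed input: the account lines of the pam.conf attached above.
PAM_CONF = """\
login   account sufficient /usr/lib/security/pam_ldap.so.1
login   account required /usr/lib/security/pam_unix.so.1
dtlogin account sufficient /usr/lib/security/pam_ldap.so.1
dtlogin account required /usr/lib/security/pam_unix.so.1
other   account required /usr/lib/security/pam_ldap.so.1
other   account sufficient /usr/lib/security/pam_unix.so.1
"""

def parse(text):
    """Return {(service, type): [(control, module), ...]} in file order."""
    stacks = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank, comment-only, or malformed line
        service, mtype, control, path = fields[:4]
        module = path.rsplit("/", 1)[-1].split(".so")[0]  # pam_ldap.so.1 -> pam_ldap
        stacks.setdefault((service, mtype), []).append((control, module))
    return stacks

def evaluate(stacks, service, mtype, results):
    """results: module name -> True (PAM_SUCCESS) or False (any error)."""
    # A service with no entries of this type uses the "other" entries.
    stack = stacks.get((service, mtype)) or stacks.get(("other", mtype), [])
    required_failed = False
    any_success = False
    for control, module in stack:
        ok = results[module]
        if ok:
            if control == "sufficient" and not required_failed:
                return True  # stop here, later modules are not consulted
            any_success = True
        elif control == "requisite":
            return False  # fail immediately
        elif control == "required":
            required_failed = True  # keep going, but the stack will fail
        # a failed "sufficient" or "optional" module is ignored
    return any_success and not required_failed

STACKS = parse(PAM_CONF)
# Assumption: pam_ldap's account check fails for a user with no LDAP entry.
LOCAL_USER = {"pam_ldap": False, "pam_unix": True}
# Assumption (worst case): pam_unix does not know the LDAP-only user.
LDAP_USER = {"pam_ldap": True, "pam_unix": False}

if __name__ == "__main__":
    for svc in ("login", "rsh"):
        for name, res in (("local", LOCAL_USER), ("ldap", LDAP_USER)):
            print(svc, name, evaluate(STACKS, svc, "account", res))
```

With this file, rsh has no account lines of its own, so it is judged by the `other` stack, where the failed `required` pam_ldap check denies the local account. If pam_unix resolves LDAP users through nss_ldap (an assumption), an LDAP user refused by the host attribute produces the same result vector as LOCAL_USER, so the flag order alone cannot admit one and refuse the other.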