[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_ldap on Solaris 8



/etc/pam.conf as requested, note that the sshd entries are commented
out, I have tried infinite permutations of this file....

----------------------
#
#ident  "@(#)pam.conf   1.16    01/01/24 SMI"
#
# Copyright (c) 1996-2000 by Sun Microsystems, Inc.
# All rights reserved.
#
# PAM configuration
#
# Authentication management
#
login   auth required   /usr/lib/security/$ISA/pam_unix.so.1
login   auth required   /usr/lib/security/$ISA/pam_dial_auth.so.1
#
rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin  auth required   /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin auth required   /usr/lib/security/$ISA/pam_unix.so.1
#
rsh     auth required   /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other   auth sufficient /usr/lib/security/$ISA/pam_ldap.so.1
other   auth required   /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
#
# Account management
#
login   account requisite       /usr/lib/security/$ISA/pam_roles.so.1
login   account required        /usr/lib/security/$ISA/pam_projects.so.1
login   account required        /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin account requisite       /usr/lib/security/$ISA/pam_roles.so.1
login   account required        /usr/lib/security/$ISA/pam_projects.so.1
login   account required        /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin account requisite       /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required        /usr/lib/security/$ISA/pam_projects.so.1
dtlogin account required        /usr/lib/security/$ISA/pam_unix.so.1
#
other   account sufficient      /usr/lib/security/$ISA/pam_ldap.so.1
other   account requisite       /usr/lib/security/$ISA/pam_roles.so.1
other   account required        /usr/lib/security/$ISA/pam_projects.so.1
other   account required        /usr/lib/security/$ISA/pam_unix.so.1
#
# Session management
#
other   session required        /usr/lib/security/$ISA/pam_unix.so.1
#
# Password management
#
other   password sufficient     /usr/lib/security/$ISA/pam_ldap.so.1
other   password required       /usr/lib/security/$ISA/pam_unix.so.1
use_first_pass
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin auth optional   /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#login  auth optional   /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#dtlogin        auth optional   /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#other  auth optional   /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#dtlogin        account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other  account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other  session optional /usr/lib/security/$ISA/pam_krb5.so.1
#other  password optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#
# Support for Solaris PPP (sppp)
ppp     auth    required        /usr/lib/security/$ISA/pam_unix.so.1
ppp     auth    required       
/usr/lib/security/$ISA/pam_dial_auth.so.1
ppp     account requisite       /usr/lib/security/$ISA/pam_roles.so.1
ppp     account required        /usr/lib/security/$ISA/pam_projects.so.1
ppp     account required        /usr/lib/security/$ISA/pam_unix.so.1
ppp     session required        /usr/lib/security/$ISA/pam_unix.so.1
#
# Support for Openssh with DOL-specific PAM
#sshd   auth            sufficient     
/usr/lib/security/$ISA/pam_ldap.so.1
#sshd   auth            required       
/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#sshd   account         sufficient     
/usr/lib/security/$ISA/pam_unix.so.1
#sshd   account         required       
/usr/lib/security/$ISA/pam_pg_lease.so.1
#sshd   session         required       
/usr/lib/security/$ISA/pam_unix.so.1
#sshd   password        sufficient     
/usr/lib/security/$ISA/pam_ldap.so.1
#sshd   password        required       
/usr/lib/security/$ISA/pam_unix.so.1 use_first_pass
------------------------------------

/usr/lib/security/pam_ldap.so.1 is the newly compiled padl binary
(pam_ldap-140).

Thanks for looking at the problem.


On Fri, 2002-03-15 at 15:28, dweise wrote:
> hi,
>    dump your pam.conf. for us.
> 
> --dave
> At 02:25 PM 3/15/2002 -0700, you wrote:
> >I am unable to get pam_ldap and OpenSSH working on Solaris 8.
> >
> >Here's the situation:
> >1. nss_ldap works fine (verified with id, etc.)
> >2. telnet works for an LDAP user.
> >3. OpenSSH v3.1p1 compiled '--with-pam'
> >4. OpenSSL v0.9.6c
> >
> >I get the following in /var/adm/messages when attempting to login via
> >SSH:
> >[ID 487707 auth.error] load_modules: can not open module
> >/usr/lib/security/pam_ldap.so.1
> >
> >I have tried compiling pam_ldap against different versions of openldap
> >(1.2.11 and 2.0.7).
> >
> >ldd against pam_ldap.so.1 returns all valid libraries... everything
> >looks fine.  Quite confusing.
> >
> >If anyone can help, I'll buy you beer (or pizza, or whatever!)
> >
> >--
> >Blake Barnett (bdb)  <blake.barnett@developonline.com>
> >Sr. Unix Administrator
> >DevelopOnline.com                 office: 480-377-6816
> >
> >Learning is a skill, you get better at it with practice.
> >
> >
> >
> >_______________________________________________
> >Pam-list mailing list
> >Pam-list@redhat.com
> >https://listman.redhat.com/mailman/listinfo/pam-list
> 
> 
> 
> 
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
-- 
Blake Barnett (bdb)  <blake.barnett@developonline.com>
Sr. Unix Administrator
DevelopOnline.com                 office: 480-377-6816

Learning is a skill, you get better at it with practice.





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []