Problems with User Authentication using PAM & LDAP
Nigel Wade
nmw at ion.le.ac.uk
Wed Jun 2 08:56:54 UTC 2004
fkroeger at iinet.net.au wrote:
> Anyone had problems trying to connect via ssh to FC2 server set up for
> ldap & pam?
>
> When I ssh to FC2 it prompts for my password. I enter the password set up
> on the ldap server (different server) - It responds with "Access denied"
> and prompts for my password again. I enter it a second time & it starts
> up my ssh session. This indicates that it is authenticating OK to the
> ldap server - but always on the second try. When I enter my local
> password at the first prompt it lets me in. So it appears that the first
> prompt is looking up the local password and the second try it is looking
> up the ldap entry.
>
> The pam.d/sshd file looks OK - it is referencing the system-auth file
> which is generated from the authconfig command. I have tried swapping
> around the order of files & ldap in the nsswitch.conf file but to no
> avail.
>
> Any ideas?
>
> Regards... Fred Kroeger
>
>
It could be that PAM isn't passing the password from the initial login
attempt to LDAP.

What does the line for pam_ldap.so look like in system-auth?

These are the relevant lines from my (working) FC1 system:

    auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
    auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass

where use_first_pass tells PAM to use the password which was entered for
pam_unix, rather than prompting for another one.
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw at ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
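
Added example, not part of the original message: a Python check that reads a system-auth style file and reports any password module in the auth stack, after the first one, that lacks use_first_pass or try_first_pass. The function names, the set of modules treated as password-prompting, and the two sample configurations are assumptions constructed for illustration.

```python
import re

# Modules assumed (for this example) to ask for a password in the auth stack.
PROMPTING = {"pam_unix.so", "pam_ldap.so", "pam_krb5.so", "pam_winbind.so"}
REUSE_OPTS = {"use_first_pass", "try_first_pass"}

def parse_auth_stack(text):
    """Return [(lineno, control, module_basename, [options])] for auth lines."""
    stack = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        # The control field may be bracketed, e.g. [success=1 default=ignore].
        m = re.match(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)", line)
        if not m or m.group(1).lstrip("-") != "auth":
            continue
        module = m.group(3).rsplit("/", 1)[-1]
        stack.append((lineno, m.group(2), module, m.group(4).split()))
    return stack

def find_reprompting(text):
    """Flag password modules after the first that do not reuse the entered password."""
    findings = []
    seen_prompt = False
    for lineno, _control, module, opts in parse_auth_stack(text):
        if module not in PROMPTING:
            continue
        if seen_prompt and not REUSE_OPTS.intersection(opts):
            findings.append((lineno, module))
        seen_prompt = True
    return findings

# Constructed sample: the two modules from the reply, with the option missing.
BROKEN = """\
#%PAM-1.0
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so
auth required /lib/security/$ISA/pam_deny.so
"""
# Constructed sample: same stack with use_first_pass on pam_ldap.
WORKING = BROKEN.replace("pam_ldap.so", "pam_ldap.so use_first_pass")

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("working", WORKING)):
        print(name, find_reprompting(cfg))
```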