Problems with User Authentication using PAM & LDAP

Nigel Wade nmw at ion.le.ac.uk
Wed Jun 2 08:56:54 UTC 2004


fkroeger at iinet.net.au wrote:
> Anyone had problems trying to connect via ssh to FC2 server set up for
> ldap & pam?
> 
> When I ssh to FC2 it prompts for my password.  I enter the password set up
> on the ldap server (different server) - It responds with "Access denied"
> and prompts for my password again.  I enter it a second time & it starts
> up my ssh session.  This indicates that it is authenticating OK to the
> ldap server - but always on the second try.  When I enter my local
> password at the first prompt it lets me in.  So it appears that the first
> prompt is looking up the local password and the second try it is looking
> up the ldap entry.
> 
> The pam.d/sshd file looks OK - it is referencing the system-auth file
> which is generated from the authconfig command. I have tried swapping
> around the order of files & ldap in the nsswitch.conf file but to no
> avail.
> 
> Any ideas?
> 
> Regards...  Fred Kroeger
> 
> 

It could be that PAM isn't passing the password from the initial login 
attempt to LDAP.

What does the line for pam_ldap.so look like in system-auth?

These are the relevant lines from my (working) FC1 system:

auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass

where use_first_pass tells PAM to use the password which was entered for 
pam_unix, rather than prompting for another one.

-- 
Nigel Wade, System Administrator, Space Plasma Physics Group,
             University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw at ion.le.ac.uk
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
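
An added example, not part of the original message: a small checker that reads a PAM auth stack and reports any password module after the first that has neither use_first_pass nor try_first_pass, which is the condition that produces a second password prompt. The module set, the function names and both sample stacks are assumptions constructed for illustration.

```python
import os

# Modules treated as password-prompting (assumption for this example).
PASSWORD_MODULES = {"pam_unix.so", "pam_ldap.so"}
# Options that make a module reuse the password an earlier module collected.
REUSE_OPTIONS = {"use_first_pass", "try_first_pass"}

# Constructed sample: pam_ldap has no reuse option, so it asks again.
BROKEN = """\
#%PAM-1.0
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so
auth        required      /lib/security/$ISA/pam_deny.so
"""
# Constructed sample using the pam_ldap line quoted in the message above.
WORKING = BROKEN.replace("pam_ldap.so", "pam_ldap.so use_first_pass")

def parse_auth_stack(text):
    """Return [(lineno, control, module, options)] for each auth line."""
    stack = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments
        if len(fields) < 3 or fields[0].lstrip("-") != "auth":
            continue
        i = 1
        if fields[1].startswith("["):              # [success=1 default=ignore]
            while i < len(fields) and not fields[i].endswith("]"):
                i += 1
        rest = fields[i + 1:]
        if rest:
            control = " ".join(fields[1:i + 1])
            stack.append((lineno, control, os.path.basename(rest[0]), set(rest[1:])))
    return stack

def find_reprompts(text):
    """Password modules after the first that will prompt for a new password."""
    findings, seen_prompt = [], False
    for lineno, _control, module, opts in parse_auth_stack(text):
        if module not in PASSWORD_MODULES:
            continue
        if seen_prompt and not (opts & REUSE_OPTIONS):
            findings.append((lineno, module))
        seen_prompt = True
    return findings

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("working", WORKING)):
        print(name, find_reprompts(cfg) or "no second prompt expected")
```

To check a real system, pass the contents of the system-auth file to find_reprompts() instead of the constructed samples.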