
Re: Problems with User Authentication using PAM & LDAP



fkroeger iinet net au wrote:
Anyone had problems trying to connect via ssh to FC2 server set up for
ldap & pam?

When I ssh to FC2 it prompts for my password.  I enter the password set up
on the ldap server (different server) - It responds with "Access denied"
and prompts for my password again.  I enter it a second time & it starts
up my ssh session.  This indicates that it is authenticating OK to the
ldap server - but always on the second try.  When I enter my local
password at the first prompt it lets me in.  So it appears that the first
prompt is looking up the local password and the second try it is looking
up the ldap entry.

The pam.d/sshd file looks OK - it is referencing the system-auth file
which is generated from the authconfig command. I have tried swapping
around the order of files & ldap in the nsswitch.conf file but to no
avail.

Any ideas?

Regards... Fred Kroeger



It could be that PAM isn't passing the password from the initial login attempt to LDAP.


What does the line for pam_ldap.so look like in system-auth?

These are the relevant lines from my (working) FC1 system:

auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass

where use_first_pass tells PAM to use the password which was entered for pam_unix, rather than prompting for another one.

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
            University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw ion le ac uk
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
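
An added example, not part of the original messages: a small Python check that reads a system-auth style stack and reports auth password modules that follow an earlier one without use_first_pass or try_first_pass, the condition the reply above asks about. The BROKEN stack is constructed, and treating only pam_unix.so and pam_ldap.so as password-prompting modules is an assumption.

```python
import re

# Assumption: these are the modules in the stack that prompt for a password.
PASSWORD_MODULES = {"pam_unix.so", "pam_ldap.so"}
# Options that make a module reuse the password an earlier module collected.
REUSE_OPTS = {"use_first_pass", "try_first_pass"}
RULE = re.compile(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def parse_pam(text):
    """Yield (lineno, type, control, module basename, options) per rule."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        m = RULE.match(line)
        if m:
            typ, control, module, opts = m.groups()
            yield n, typ.lstrip("-"), control, module.rsplit("/", 1)[-1], opts.split()

def reprompting_modules(text):
    """Return (lineno, module) for auth password modules that come after
    another password module but carry no password-reuse option."""
    findings, collected = [], False
    for n, typ, _control, module, opts in parse_pam(text):
        if typ != "auth" or module not in PASSWORD_MODULES:
            continue
        if collected and not REUSE_OPTS & set(opts):
            findings.append((n, module))
        collected = True
    return findings

# The two auth lines quoted in the message above.
WORKING = """\
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
"""
# Constructed sample: same stack with the reuse option missing on pam_ldap.
BROKEN = """\
# constructed sample
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so
account     required      /lib/security/$ISA/pam_unix.so
"""

if __name__ == "__main__":
    for name, stack in (("WORKING", WORKING), ("BROKEN", BROKEN)):
        print(name, reprompting_modules(stack) or "ok")
```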


