Problem using pam_ldap in RedHat 9
Tay, Gary
Gary_Tay at platts.com
Thu Aug 26 02:43:15 UTC 2004
Hi,
This is reported in RedHat Buzilla but when I followed the fix steps in
it it does not work, eventually I found my "fix step". I did not modify
/etc/pam.d/su, it is "stacked" to use the default
/etc/pam.d/system-auth.
See:
http://web.singnet.com.sg/~garyttt/Installing%20and%20configuring%20Open
SSH%20with%20pam_ldap%20for%20RedHat%20Enterprise%20Linux3.htm
And
http://web.singnet.com.sg/~garyttt
Tips: the generated system-auth has a bug such that "su - userid" will
display "incorrect password" even when correct password is provided, to
fix it, replace one of the "account" lines, as shown below:
Change this:
account required /lib/security/$ISA/pam_unix.so
To that:
account sufficient /lib/security/$ISA/pam_unix.so
Try adding this line somewhere in /etc/pam.d/su and see if it helps.
account sufficient /lib/security/$ISA/pam_unix.so
Rgds
Gary
-----Original Message-----
From: pam-list-bounces at redhat.com [mailto:pam-list-bounces at redhat.com]
On Behalf Of Rodrigo S Wanderley
Sent: Thursday, August 26, 2004 3:39 AM
To: pam-list at redhat.com
Subject: Problem using pam_ldap in RedHat 9
Hi,
Im having some problem trying to autenticate using an ldap database.
My /etc/pam.d/su looks like this:
auth required /lib/security/$ISA/pam_unix.so
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
account required /lib/security/$ISA/pam_permit.so
password required /lib/security/$ISA/pam_permit.so
session required /lib/security/$ISA/pam_permit.so
I used the pam_permit.so trying to focus only on the auth method.
After spending some time in this problem I decided to get the source
code of pam_ldap.so, Ive used some printfs on it and saw that it was
returning 0 (PAM_SUCCESS) but su keeps giving me 'su: incorrect
password'.
Had anyone have similar problem and found the answear?
---> Example Session
# su rodrigo # rodrigo is an ldap user
password: ******
su: incorrect password
--->
Any information that you need, please let me now.
thanks in advance,
RSW
OBS: Had no problem to configure Libranet and RH 7.2
---> /var/log/messages
Aug 25 16:09:27 floyd su(pam_unix)[10366]: check pass; user unknown Aug
25 16:09:27 floyd su(pam_unix)[10366]: authentication failure;
logname=rodriwan uid=0 euid=0 tty= ruser=root rhost=
--
Esta mensagem foi verificada pelo sistema de anti-virus e acredita-se
estar livre de perigo.
_______________________________________________
Pam-list mailing list
Pam-list at redhat.com https://www.redhat.com/mailman/listinfo/pam-list
More information about the Pam-list
mailing list