[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Problem using pam_ldap in RedHat 9


This is reported in RedHat Buzilla but when I followed the fix steps in
it it does not work, eventually I found my "fix step". I did not modify
/etc/pam.d/su, it is "stacked" to use the default


Tips: the generated system-auth has a bug such that "su - userid" will
display "incorrect password" even when correct password is provided, to
fix it, replace one of the "account" lines, as shown below:

Change this:
account     required      /lib/security/$ISA/pam_unix.so
To that:
account     sufficient      /lib/security/$ISA/pam_unix.so

Try adding this line somewhere in /etc/pam.d/su and see if it helps.
account     sufficient      /lib/security/$ISA/pam_unix.so


-----Original Message-----
From: pam-list-bounces redhat com [mailto:pam-list-bounces redhat com]
On Behalf Of Rodrigo S Wanderley
Sent: Thursday, August 26, 2004 3:39 AM
To: pam-list redhat com
Subject: Problem using pam_ldap in RedHat 9


  Im having some problem trying to autenticate using an ldap database.  
My /etc/pam.d/su looks like this:

auth       required     /lib/security/$ISA/pam_unix.so
auth       sufficient   /lib/security/$ISA/pam_ldap.so use_first_pass
account    required     /lib/security/$ISA/pam_permit.so
password   required     /lib/security/$ISA/pam_permit.so
session     required    /lib/security/$ISA/pam_permit.so

I used the pam_permit.so trying to focus only on the auth method.

After spending some time in this problem I decided to get the source 
code of pam_ldap.so, Ive used some printfs on it and saw that it was 
returning 0 (PAM_SUCCESS) but su keeps giving me 'su: incorrect

Had anyone have similar problem and found the answear?

---> Example Session
# su rodrigo    # rodrigo is an ldap user
password: ******
su: incorrect password

Any information that you need, please let me now.

thanks in advance,

OBS: Had no problem to configure Libranet and RH 7.2

---> /var/log/messages
Aug 25 16:09:27 floyd su(pam_unix)[10366]: check pass; user unknown Aug
25 16:09:27 floyd su(pam_unix)[10366]: authentication failure; 
logname=rodriwan uid=0 euid=0 tty= ruser=root rhost=

Esta mensagem foi verificada pelo sistema de anti-virus e  acredita-se
estar livre de perigo.

Pam-list mailing list
Pam-list redhat com https://www.redhat.com/mailman/listinfo/pam-list

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]