[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Problem using pam_ldap in RedHat 9



Hi,

This is reported in RedHat Buzilla but when I followed the fix steps in
it it does not work, eventually I found my "fix step". I did not modify
/etc/pam.d/su, it is "stacked" to use the default
/etc/pam.d/system-auth. 

See:
http://web.singnet.com.sg/~garyttt/Installing%20and%20configuring%20Open
SSH%20with%20pam_ldap%20for%20RedHat%20Enterprise%20Linux3.htm
And
http://web.singnet.com.sg/~garyttt

Tips: the generated system-auth has a bug such that "su - userid" will
display "incorrect password" even when correct password is provided, to
fix it, replace one of the "account" lines, as shown below:

Change this:
account     required      /lib/security/$ISA/pam_unix.so
To that:
account     sufficient      /lib/security/$ISA/pam_unix.so

Try adding this line somewhere in /etc/pam.d/su and see if it helps.
account     sufficient      /lib/security/$ISA/pam_unix.so

Rgds
Gary

-----Original Message-----
From: pam-list-bounces redhat com [mailto:pam-list-bounces redhat com]
On Behalf Of Rodrigo S Wanderley
Sent: Thursday, August 26, 2004 3:39 AM
To: pam-list redhat com
Subject: Problem using pam_ldap in RedHat 9


Hi,

  Im having some problem trying to autenticate using an ldap database.  
My /etc/pam.d/su looks like this:

auth       required     /lib/security/$ISA/pam_unix.so
auth       sufficient   /lib/security/$ISA/pam_ldap.so use_first_pass
account    required     /lib/security/$ISA/pam_permit.so
password   required     /lib/security/$ISA/pam_permit.so
session     required    /lib/security/$ISA/pam_permit.so

I used the pam_permit.so trying to focus only on the auth method.

After spending some time in this problem I decided to get the source 
code of pam_ldap.so, Ive used some printfs on it and saw that it was 
returning 0 (PAM_SUCCESS) but su keeps giving me 'su: incorrect
password'.

Had anyone have similar problem and found the answear?

---> Example Session
# su rodrigo    # rodrigo is an ldap user
password: ******
su: incorrect password
--->

Any information that you need, please let me now.

thanks in advance,
  RSW

OBS: Had no problem to configure Libranet and RH 7.2

---> /var/log/messages
Aug 25 16:09:27 floyd su(pam_unix)[10366]: check pass; user unknown Aug
25 16:09:27 floyd su(pam_unix)[10366]: authentication failure; 
logname=rodriwan uid=0 euid=0 tty= ruser=root rhost=


-- 
Esta mensagem foi verificada pelo sistema de anti-virus e  acredita-se
estar livre de perigo.


_______________________________________________
Pam-list mailing list
Pam-list redhat com https://www.redhat.com/mailman/listinfo/pam-list



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]