Pam-list digest, Vol 1 #933 - 1 msg

Andreas G. Schindler schindler at az1.de
Mon Mar 1 10:56:59 UTC 2004 

pam-list-request at redhat.com wrote:

> Send Pam-list mailing list submissions to
> 	pam-list at redhat.com
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://www.redhat.com/mailman/listinfo/pam-list
> or, via email, send a message with subject or body 'help' to
> 	pam-list-request at redhat.com
> 
> You can reach the person managing the list at
> 	pam-list-admin at redhat.com
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Pam-list digest..."
> 
> 
> 
> ------------------------------------------------------------------------
> 
> Today's Topics:
> 
>    1. mod_auth_pam and groups (Jean-Rene Cormier)
> 
> 
> ------------------------------------------------------------------------
> 
> Subject:
> mod_auth_pam and groups
> From:
> Jean-Rene Cormier <jean-rene.cormier at cipanb.ca>
> Date:
> Fri, 27 Feb 2004 10:16:30 -0400
> To:
> pam-list at redhat.com
> 
> 
> Hi, I have a problem where I need to setup mod_auth_pam to authenticate
> against a OpenLDAP directory using pam_ldap. When I use "require group
> somegroup" in my .htaccess I get a "configuration error: couldn't check
> access. No groups file?" error in my error log. Looking at the OpenLDAP
> logs I can see that it doesn't check for groups info at all. I tried the
> exact same .htaccess file on another box with Apache 1.3 and it worked
> but with Apache 2.0 I get that error. Anybody knows what could be wrong?
> 
> Jean-Rene Cormier
> 
> 
I guess, in addition to the pam module, you will
need to install and set up the name service switch
module: /lib/libnss_ldap.so.2 and modify your 
'/etc/nsswitch.conf' adding ldap, e.g.:

group:	files ldap

I got a home-brew test utility to check out all
of the various functions concerning PAM and NSS.
It's much easier to use than try+error along with
apache & friends. If you like, i'll send you a copy. 

Regards, Andreas 
-- 

Dr. Andreas G. Schindler        c/o Alpha Zero One Computersysteme GmbH
schindler at az1.de                Frankfurter Str. 141, D-63303 Dreieich
Tel +49 6103 57187 21           Germany

More information about the Pam-list mailing list