Problems with config= in module config
Jason Lixfeld
jason+lists.pam at lixfeld.ca
Mon Sep 6 05:29:52 UTC 2004
I dug this up from a how-to. They suggested that I could use a config=
line in my pam module config to specify a special config file to use in
order to determine if a user is allowed to authenticate via that
module.
For instance, the /etc/pam.d/ssh file looks like this:
auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth sufficient /usr/local/lib/pam_ldap.so config=/usr/local/etc/openldap/ldap-ssh.conf debug try_first_pass
auth required pam_unix.so no_warn try_first_pass
account required pam_login_access.so
account sufficient /usr/local/lib/pam_ldap.so debug
account required pam_unix.so
session required pam_permit.so
password sufficient /usr/local/lib/pam_ldap.so debug
password required pam_unix.so no_warn try_first_pass
The config file referenced looks like this:
host 127.0.0.1
base dc=example,dc=com
rootbinddn cn=proxyuser,dc=example,dc=com
scope one
pam_groupdn cn=ssh,ou=services,dc=example,dc=com
pam_member_attribute member
pam_password SSHA
When I try to log in, I get these errors:
Sep 6 00:07:45 eshara sshd[59637]: error: PAM: authentication error
Sep 6 00:07:45 eshara sshd[59637]: error: PAM: authentication error
Sep 6 00:07:45 eshara sshd[59637]: error: PAM: authentication error
I can't figure out how to get any more debugging out of pam, so I'm at
a little bit of a loss.
Platform is FreeBSD 5.2.1-p9. sshd 3.6.1p1.
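
An added example, not part of the original post or of pam_ldap: a small Python linter for a service file like the /etc/pam.d/ssh listing above. It reports text that does not start with a facility and shows which lines carry a config= argument. The names lint_pam, config_paths and SAMPLE are hypothetical, the sample input is constructed, and only plain keyword control flags are recognised (an assumption).

```python
# Added example: lint a PAM service file in the style of /etc/pam.d/ssh.
# Assumption: control flags are simple keywords; bracketed or include-style
# controls are outside what this sketch recognises.
FACILITIES = {"auth", "account", "session", "password"}
CONTROLS = {"required", "requisite", "sufficient", "optional", "binding"}

# Constructed sample modelled on the listing in the post. Line 3 is an
# argument split onto its own line with no backslash continuation.
SAMPLE = """\
auth required pam_nologin.so no_warn
auth sufficient /usr/local/lib/pam_ldap.so config=/usr/local/etc/openldap/ldap-ssh.conf debug
try_first_pass
auth required pam_unix.so no_warn \\
    try_first_pass
account sufficient /usr/local/lib/pam_ldap.so debug
"""

def lint_pam(text):
    """Return (entries, problems) for the text of one PAM service file."""
    entries, problems = [], []
    pending, start = "", 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not pending:
            start = lineno                      # first physical line of the entry
        line = pending + raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):                 # backslash-newline joins lines
            pending = line[:-1] + " "
            continue
        pending = ""
        fields = line.split()
        if not fields:
            continue
        if fields[0] not in FACILITIES:
            problems.append((start, "orphaned text, no facility: " + line.strip()))
        elif len(fields) < 3 or fields[1] not in CONTROLS:
            problems.append((start, "bad control flag or missing module"))
        else:
            entries.append({"line": start, "facility": fields[0],
                            "control": fields[1], "module": fields[2],
                            "args": fields[3:]})
    return entries, problems

def config_paths(entries):
    """Map (facility, module) to the path named by a config= argument."""
    return {(e["facility"], e["module"]): a.split("=", 1)[1]
            for e in entries for a in e["args"] if a.startswith("config=")}
```

Run against the real service file with lint_pam(open("/etc/pam.d/ssh").read()); any facility missing from config_paths has no config= argument on its lines.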