pam credentials with pam_ldap
Oscar Nogales
oscar.brujula at gmail.com
Wed Jan 19 11:32:35 UTC 2005
Hi list,
I'm writing to all of you because I need help configuring pam_ccreds
to allow LDAP users to log in on their local machines without network.
To do this, we are trying to use pam credentials that cache the user
credentials. My system is a RHEL4 (beta 2) with LDAP authentication
enabled (and working perfectly) and I have installed the Red Hat
pam_ccreds-1-3 package (included in that distribution).
When I shut down the network interface and I try to log in with an LDAP-only
user (not local), I see a flash message saying that I'm logging in using
cached credentials. A second message is prompted saying that the system
cannot retrieve authentication info and the system shows the
login screen again. So I can't log in without network.
I'm looking for a solution, because this is part of a project
migration (Windows to Linux) and we need centralized user management
(LDAP) where the users can log in without network (because they need
to work with local applications regardless of whether there is network
or not).
My /etc/pam.d/system-auth file is:
-----------------------------------------
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth sufficient /lib/security/$ISA/pam_ccreds.so action=validate use_first_pass
auth sufficient /lib/security/$ISA/pam_ccreds.so action=store
auth optional /lib/security/$ISA/pam_ccreds.so action=update
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
account required /lib/security/$ISA/pam_permit.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
session optional /lib/security/pam_mkhomedir.so skel=/etc/skel umask=022
-------------------------------------------
and the important section of /etc/nsswitch.conf
------------------------------------------
...
passwd: files ldap db
shadow: files ldap db
group: files ldap db
...
------------------------------------------
I don't know if the problem is in the way that I specify pam_ldap.so
and pam_unix.so (with the appropriate arguments) or if it is in other
configuration params. I'm looking for documentation but for the moment
I have not found any.
If someone has the same problem or knows where I can find
configuration examples I would be very grateful.
Regards,
--
Oscar Nogales Repiso
Systems and Communications Department
Brújula Telecom
T. +34 971 433 909 - F. +34 971 433 910
www.brujulatelecom.com
_________________________________
At the heart of your business
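The account stack quoted in the post above, walked through Linux-PAM's control-flag rules (required/requisite/sufficient/optional and bracketed [value=action] tables) in an added Python simulation that is not part of the original message. The module return codes for the no-network scenario (pam_succeed_if failing its uid test for an LDAP user, pam_ldap returning authinfo_unavail when the server is unreachable) are assumptions for illustration; the simulator is deliberately simplified and does not model integer skip actions.

```python
import re

# Linux-PAM expands the four simple control keywords to these action tables
# (see pam.conf(5)); any return code not listed falls through to "default".
KEYWORDS = {
    "required":   {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional":   {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}

LINE = re.compile(r"\s*(\w+)\s+(\[[^\]]*\]|\w+)\s+(\S+)")

def parse_stack(text, phase):
    """Return [(action_table, module_name)] for one management group, e.g. 'account'."""
    stack = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or m.group(1) != phase:
            continue
        ctl, path = m.group(2), m.group(3)
        table = (dict(kv.split("=") for kv in ctl[1:-1].split())
                 if ctl.startswith("[") else KEYWORDS[ctl])
        stack.append((table, path.rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, results):
    """Simplified ok/bad/die/done/ignore walk: the first failure recorded wins,
    'die' always stops, 'done' stops only if nothing has failed yet.
    `results` maps module name -> assumed return code; unlisted modules succeed."""
    status = None                       # no module has contributed yet
    for table, module in stack:
        code = results.get(module, "success")
        action = table.get(code, table["default"])
        failed = status not in (None, "success")
        if action in ("ok", "bad", "die", "done") and not failed:
            status = code               # record this module's verdict
        if action == "die" or (action == "done" and not failed):
            break                       # terminate the stack immediately
    return status or "fail"

# Account stack reproduced from the post above (wrapped line joined).
ACCOUNT = """\
account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
account required /lib/security/$ISA/pam_permit.so
"""
# Assumed scenario: LDAP-only user with uid >= 100, LDAP server unreachable.
OFFLINE = {"pam_succeed_if.so": "auth_err", "pam_ldap.so": "authinfo_unavail"}

def offline_account_result(text=ACCOUNT):
    return evaluate(parse_stack(text, "account"), OFFLINE)
```

Under these assumptions the bracketed pam_ldap line maps authinfo_unavail to `default=bad`, so the account phase fails even though pam_ccreds accepted the cached password; adding an explicit `authinfo_unavail=ignore` action to that line is what lets the same stack return success offline.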