[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

pam credentials whith pam_ldap

Hi list,

I'm writing to all you because I need help to configure de pam_ccreds
to allow ldap users to login in their local machines without network.
To do this, we are triying to use pam credentials that cached the user
credentials. My system is a RHEL4 (beta 2) with ldap authentification
enabled (and working perfectly) and I have installed the Red Hat
pam_ccreds-1-3 package  (included in that distribution).

When I shut down network interface and I try to login with a only ldap
user (no local), I see a flash message saying that I'm login in using
cache credentials. A second message is prompted saying that the system
cannot retrieve authentication info and the system show again the
login screen. So I can't do login without network.

I'm looking for a solution, because this is a part of a project
migration (windows to linux) and we need a centraliced user management
(ldap) where the users can do login without network (because they need
to work with local applications indistinctly of that there is network
or not).

My /etc/pam.d/system-auth file is:

auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        sufficient    /lib/security/$ISA/pam_ccreds.so
action=validate use_first_pass
auth        sufficient    /lib/security/$ISA/pam_ccreds.so action=store
auth        optional      /lib/security/$ISA/pam_ccreds.so action=update
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     [default=bad success=ok user_unknown=ignore]
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_ldap.so
session     optional      /lib/security/pam_mkhomedir.so
skel=/etc/skel umask=022


and the important section of /etc/nsswitch.conf

passwd:     files ldap db
shadow:     files ldap db
group:      files ldap db

I don't known if the problem is in the way that I specify pam_ldap.so
and pam_unix.so (with the appropiates arguments) or if it is in other
configuration params. I'm looking for documentation but by the moment
I have not found any documentation.

If someone has the same problem or knowns where can I found
configuration examples I would be very grateful.

Oscar Nogales Repiso
Departamento de Sistemas y Comunicaciones
Brújula Telecom
T. +34 971 433 909 - F. +34 971 433 910
En el corazón de su negocio

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]