PAM ccreds (cache credentials)

Thomas Mathiesen lists at thomasmathiesen.com
Thu Jun 16 11:55:40 UTC 2005


I have been testing things, and PAM's pam-ccreds module seems to be what we're
looking for, but I can't get it working.

This ccreds example file won't work on my Ubuntu:
#--------------------------------------------------------------------------------------
other auth [user_unknown=ignore default=done] \
/lib/security/pam_unix.so
other auth [authinfo_unavail=ignore success=1 default=2] \
/lib/security/pam_ldap.so try_first_pass
other auth [default=done] /lib/security/pam_ccreds.so action=validate use_first_pass
other auth [default=done] /lib/security/pam_ccreds.so action=store
other auth [default=done] /lib/security/pam_ccreds.so action=update
other account [user_unknown=ignore default=done] /lib/security/pam_unix.so
other account [authinfo_unavail=ignore default=done] /lib/security/pam_ldap.so
other account [default=done] /lib/security/pam_permit.so
other session required /lib/security/pam_unix.so
other password required /lib/security/pam_ldap.so
#--------------------------------------------------------------------------------------

Ubuntu uses /etc/pam.d/common-auth/password/account/session

The default format is, for example:
auth required pam_ldap.so

Connecting with LDAP (Fedora Directory Server) without these (ccreds) changes
works fine.

Error message I see after trying to "tweak" the example:
Jun 15 14:54:53 localhost login[4747]: (pam_unix) check pass; user unknown
Jun 15 14:54:53 localhost login[4747]: (pam_unix) authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
Jun 15 14:54:55 localhost login[4747]: FAILED LOGIN (1) on `tty1' FOR `frans', Authentication service cannot retrieve authentication info.
Jun 15 14:55:31 localhost login[4747]: (pam_unix) check pass; user unknown
Jun 15 14:55:34 localhost login[4747]: FAILED LOGIN (2) on `tty1' FOR `frans', Authentication service cannot retrieve authentication info.
Jun 15 14:56:29 localhost login[4756]: Authentication service cannot retrieve authentication info.

Anyone?
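
The message mentions two rule formats: the single-file format with a leading service column ("other ...") and Ubuntu's per-type /etc/pam.d/common-* files, which have no service column. The Python sketch below is an added example, not part of the original post or of pam_ccreds. It splits rules of the first kind into stacks of the second kind and rejects a rule that a line wrap has cut in two. SAMPLE is constructed from the rules quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: some of the rules quoted above, in the one-file
# format (service type control module-path [arguments]).
SAMPLE = r"""
other auth [user_unknown=ignore default=done] \
    /lib/security/pam_unix.so
other auth [authinfo_unavail=ignore success=1 default=2] \
    /lib/security/pam_ldap.so try_first_pass
other auth [default=done] /lib/security/pam_ccreds.so action=validate use_first_pass
other session required /lib/security/pam_unix.so
"""

TYPES = ("auth", "account", "password", "session")
# service, type, control (keyword or [value=action ...]), module and arguments
RULE = re.compile(r"^(\S+)\s+(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S.*)$")

def logical_lines(text):
    """Join backslash-continued lines; drop comments and blank lines."""
    joined = re.sub(r"\\\r?\n\s*", " ", text)
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def split_by_type(text, service="other"):
    """Return {type: [pam.d-style rule, ...]} for one service."""
    stacks = defaultdict(list)
    for line in logical_lines(text):
        m = RULE.match(line)
        if not m or m.group(2) not in TYPES:
            # A fragment such as a lone "use_first_pass" left behind by
            # a wrapped line is not a rule; refuse it instead of guessing.
            raise ValueError(f"not a complete rule: {line!r}")
        svc, mtype, control, rest = m.groups()
        if svc.lower() == service:
            # No service column in pam.d files. Rule order is preserved so
            # jump counts such as success=1 still skip the same modules.
            stacks[mtype].append(f"{mtype} {control} {' '.join(rest.split())}")
    return dict(stacks)

if __name__ == "__main__":
    for mtype, rules in split_by_type(SAMPLE).items():
        print(f"# /etc/pam.d/common-{mtype}")
        print("\n".join(rules), end="\n\n")
```

The conversion only changes the layout of the rules; whether the resulting stack behaves as intended on a given system still has to be tested with a root shell kept open.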



