Authentication problems with ldap
Lynn York
lyork at inetu.net
Mon Sep 22 18:02:57 UTC 2008
I have added pam_ldap.so to system-auth-ac and I am still having an auth
issue with pam and ldap.
[config]
system-auth-ac
#%PAM-1.0
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_ldap.so try_first_pass
auth sufficient pam_unix.so nullok
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_ldap.so try_first_pass
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so try_first_pass
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session sufficient pam_ldap.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
[end config ]
Any other ideas?
-----Original Message-----
From: pam-list-bounces at redhat.com [mailto:pam-list-bounces at redhat.com] On
Behalf Of Dan Yefimov
Sent: Monday, September 22, 2008 1:24 PM
To: Pluggable Authentication Modules
Subject: RE: Authentication problems with ldap
On Mon, 22 Sep 2008, Lynn York wrote:
> Below are my config files:
>
> /etc/pam.d/system-auth
> #%PAM-1.0
> # User changes will be destroyed the next time authconfig is run.
> auth required pam_env.so
> auth sufficient pam_unix.so nullok try_first_pass
> auth requisite pam_succeed_if.so uid >= 500 quiet
> auth required pam_deny.so
>
> account required pam_unix.so
> account sufficient pam_succeed_if.so uid < 500 quiet
> account required pam_permit.so
>
> password requisite pam_cracklib.so try_first_pass retry=3
> password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
> password required pam_deny.so
>
> session optional pam_keyinit.so revoke
> session required pam_limits.so
> session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
> session required pam_unix.so
> -----------------------------------------------------------
>
You must use pam_ldap.so module in order to be able to authenticate against
LDAP servers since pam_unix.so doesn't use NSS.
--
Sincerely yours, Dan.
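An added example, not part of either message in this thread: a minimal Python model of how Linux-PAM's required, requisite and sufficient flags combine, run over the auth and account stacks from the system-auth-ac file posted above. The per-module outcomes are constructed assumptions for a directory-only user with a correct password; the thread does not show what each module actually returned.

```python
# Added example: minimal model of Linux-PAM's simple control flags.
# Bracketed controls such as [success=1 default=ignore] are not modelled.

# auth and account stacks as posted in system-auth-ac (".so" dropped)
AUTH = [("required", "pam_env"), ("sufficient", "pam_ldap"),
        ("sufficient", "pam_unix"), ("requisite", "pam_succeed_if"),
        ("required", "pam_deny")]
ACCOUNT = [("required", "pam_unix"), ("sufficient", "pam_ldap"),
           ("sufficient", "pam_succeed_if"), ("required", "pam_permit")]

def run_stack(stack, results):
    """Return (granted, trace) for one stack given per-module outcomes."""
    failed = False     # a required module has already failed
    succeeded = False  # some module contributed a success
    trace = []
    for control, module in stack:
        ok = results[module]
        trace.append(f"{control:10} {module:15} {'ok' if ok else 'FAIL'}")
        if ok:
            if control == "sufficient" and not failed:
                return True, trace   # stack ends here with success
            succeeded = True
        elif control == "requisite":
            return False, trace      # stack ends here with failure
        elif control == "required":
            failed = True            # remembered; later modules still run
        # a failed sufficient or optional module is ignored
    return succeeded and not failed, trace

# Constructed outcomes (assumptions): uid >= 500, correct password, no
# local password hash. pam_deny always fails, pam_permit always succeeds.
auth_ldap_user = {"pam_env": True, "pam_ldap": True, "pam_unix": False,
                  "pam_succeed_if": True, "pam_deny": False}
acct_unix_ok = {"pam_unix": True, "pam_ldap": True,
                "pam_succeed_if": False, "pam_permit": True}
# Assumption: pam_unix's account check cannot resolve the user.
acct_unix_fail = dict(acct_unix_ok, pam_unix=False)

if __name__ == "__main__":
    cases = [("auth", AUTH, auth_ldap_user),
             ("account, pam_unix ok", ACCOUNT, acct_unix_ok),
             ("account, pam_unix fails", ACCOUNT, acct_unix_fail)]
    for name, stack, results in cases:
        granted, trace = run_stack(stack, results)
        print(f"{name}: {'granted' if granted else 'denied'}")
        print("\n".join("  " + line for line in trace))
```

In the third case the account stack is denied even though pam_ldap succeeds, because a failed required module earlier in the stack cannot be overridden by a later sufficient one.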