[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Authentication problems with ldap



I have added pam_ldap.so to system-auth-ac and I am still having an auth
issue with pam and ldap

[config]

system-auth-ac
#%PAM-1.0
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_ldap.so try_first_pass
auth        sufficient    pam_unix.so nullok
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_ldap.so try_first_pass
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass
use_authtok
password    sufficient    pam_ldap.so try_first_pass
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     sufficient    pam_ldap.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond
quiet use_uid
session     required      pam_unix.so

[end config ]

Any other ideas?

-----Original Message-----
From: pam-list-bounces redhat com [mailto:pam-list-bounces redhat com] On
Behalf Of Dan Yefimov
Sent: Monday, September 22, 2008 1:24 PM
To: Pluggable Authentication Modules
Subject: RE: Authentication problems with ldap

On Mon, 22 Sep 2008, Lynn York wrote:

> Below are my config files:
> 
> /etc/pam.d/system-auth
> #%PAM-1.0
> # User changes will be destroyed the next time authconfig is run.
> auth        required      pam_env.so
> auth        sufficient    pam_unix.so nullok try_first_pass
> auth        requisite     pam_succeed_if.so uid >= 500 quiet
> auth        required      pam_deny.so
> 
> account     required      pam_unix.so
> account     sufficient    pam_succeed_if.so uid < 500 quiet
> account     required      pam_permit.so
> 
> password    requisite     pam_cracklib.so try_first_pass retry=3
> password    sufficient    pam_unix.so md5 shadow nullok try_first_pass
> use_authtok
> password    required      pam_deny.so
> 
> session     optional      pam_keyinit.so revoke
> session     required      pam_limits.so
> session     [success=1 default=ignore] pam_succeed_if.so service in crond
> quiet use_uid
> session     required      pam_unix.so
> -----------------------------------------------------------
> 
You must use pam_ldap.so module in order to be able to authenticate against 
LDAP servers since pam_unix.so doesn't use NSS.
-- 

    Sincerely Your, Dan.

_______________________________________________
Pam-list mailing list
Pam-list redhat com
https://www.redhat.com/mailman/listinfo/pam-list

Attachment: smime.p7s
Description: S/MIME cryptographic signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]