Authentication problems with ldap
Dan Yefimov
dan at nf15.lightwave.net.ru
Mon Sep 22 18:27:34 UTC 2008
On Mon, 22 Sep 2008, Lynn York wrote:
> I have added pam_ldap.so to system-auth-ac and I am still having an auth
> issue with pam and ldap
>
> [config]
>
> system-auth-ac
> #%PAM-1.0
> # User changes will be destroyed the next time authconfig is run.
> auth required pam_env.so
> auth sufficient pam_ldap.so try_first_pass
> auth sufficient pam_unix.so nullok
> auth requisite pam_succeed_if.so uid >= 500 quiet
> auth required pam_deny.so
>
> account required pam_unix.so
> account sufficient pam_ldap.so try_first_pass
> account sufficient pam_succeed_if.so uid < 500 quiet
> account required pam_permit.so
>
> password requisite pam_cracklib.so try_first_pass retry=3
> password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
> password sufficient pam_ldap.so try_first_pass
> password required pam_deny.so
>
> session optional pam_keyinit.so revoke
> session required pam_limits.so
> session sufficient pam_ldap.so
> session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
> session required pam_unix.so
>
> [end config ]
>
> Any other ideas?
>
First, you haven't described what exact error you are getting (look in the syslog
logs for it). Second, pam_ldap.so has its own config file and its own
list of PAM stacks that it is available and meaningful for. Please consult the
documentation shipped with it for details. If you still have any
difficulties after consulting its documentation, I'd suggest asking for
help on their mailing list.
--
Sincerely Your, Dan.
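
Added example, not part of the original thread: a small evaluator that walks the auth and account stacks quoted above using the documented Linux-PAM meanings of the `required`, `requisite` and `sufficient` keywords, so the control flow can be checked before reading syslog. The `parse` and `evaluate` helpers and the per-module results are constructed assumptions, not values from the poster's system.

```python
# Added example: keyword controls only (required, requisite, sufficient);
# bracket controls such as [success=1 default=ignore] are not modelled.
AUTH = """\
auth required pam_env.so
auth sufficient pam_ldap.so try_first_pass
auth sufficient pam_unix.so nullok
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
"""
ACCOUNT = """\
account required pam_unix.so
account sufficient pam_ldap.so try_first_pass
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
"""

def parse(text):
    """Return (control, module) pairs from 'type control module [args]' lines."""
    fields = (line.split() for line in text.splitlines())
    return [(f[1], f[2]) for f in fields if f and not f[0].startswith("#")]

def evaluate(stack, results):
    """results: module -> True (PAM_SUCCESS) / False (failure); constructed input.
    Returns (granted, modules_called)."""
    failed, succeeded, called = False, False, []
    for control, module in stack:
        ok = results[module]
        called.append(module)
        if not ok:
            if control == "requisite":
                return False, called          # fail immediately
            if control == "required":
                failed = True                 # fail, but keep running the stack
            continue                          # a failed 'sufficient' is ignored
        if control == "sufficient" and not failed:
            return True, called               # success ends the stack early
        succeeded = True
    return succeeded and not failed, called

if __name__ == "__main__":
    always = {"pam_env.so": True, "pam_permit.so": True, "pam_deny.so": False}
    # Constructed case: directory-only account, correct password, uid >= 500,
    # with pam_unix.so assumed to return a failure in both stacks.
    auth = dict(always, **{"pam_ldap.so": True, "pam_unix.so": False, "pam_succeed_if.so": True})
    acct = dict(always, **{"pam_ldap.so": True, "pam_unix.so": False, "pam_succeed_if.so": False})
    print("auth   ", evaluate(parse(AUTH), auth))
    print("account", evaluate(parse(ACCOUNT), acct))
```

Under those assumed results the auth stack stops successfully at pam_ldap.so, while in the account stack a failing `required` pam_unix.so ahead of the `sufficient` pam_ldap.so makes the stack fail; the syslog entries show which module actually returned what.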