Cant authenticate to LDAP domain with Redhat9
Stuart Sears
stuart at sjsears.com
Wed Jul 7 18:50:51 UTC 2004
On Wednesday 07 July 2004 15:32, Faehl, Chris wrote:
> I'm not sure how PAM works (eg, if it can't find a specific instance in
> pam.d for a given program, fall through and use system-auth),
IIRC it doesn't - you should find a file called /etc/pam.d/other
which is used for apps calling pam whioch don't have their own config file.
system-auth is used for centralised checking, and is usually referenced in
other files using the pam_stack library for particular test types.
> but if it
> does work as parenthetically indicated, then the original problem is
> that RedHat does ship /etc/pam.d/sshd. If that theory holds, removing
> /etc/pam.d/sshd should make system-auth consulted.
> I've just verified
> that this is not what occurs: if /etc/pam.d/sshd does not exist - ya
> don't get in (eg, system-auth isn't consulted).
this is why:
/etc/pam.d/other
#%PAM-1.0
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_deny.so
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_deny.so
i.e Go Away.
HTH
Stuart
--
Stuart Sears RHCE, RHCX
More information about the redhat-list
mailing list