[rhn-users] problem connection in local with account root

GanGan gangan at zalteam.com
Mon Jul 28 15:26:00 UTC 2008


Thanks for your help, but I still have the same problem:
it's impossible for me to log in locally with the root account
or any other account in passwd.

nss_ldap: reconnected to LDAP server ldap://srvtest3.test.org/
Jul 28 19:23:07 srvtest1 login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Jul 28 19:23:07 srvtest1 login: ROOT LOGIN ON tty1
Jul 28 19:23:07 srvtest1 login: pam_unix(login:session): session closed for user root

My /etc/pam.d/system-auth:

auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

My /etc/pam.d/sshd:

auth        optional      pam_group.so
auth        required      pam_env.so
auth        sufficient    pam_unix.so likeauth
auth        sufficient    pam_ldap.so
auth        required      pam_deny.so
auth        required      pam_warn.so

account     sufficient    pam_localuser.so
account     sufficient    pam_unix.so
account     sufficient    pam_ldap.so
account     required      pam_deny.so
account     required      pam_warn.so

password    required      pam_cracklib.so retry=2 minlen=6
password    sufficient    pam_unix.so use_authok md5 shadow
password    sufficient    pam_ldap.so use_authok
password    required      pam_deny.so
password    required      pam_warn.so

session     optional      pam_mkhomedir.so skel=/etc/skel/ umask=077 silent
session     required      pam_limits.so
session     required      pam_unix.so
session     optional      pam_ldap.so
session     required      pam_warn.so

On Tue, 22 Jul 2008 07:29:49 -0500, Chandler Wilkerson <chwilk at rice.edu> wrote:
> Good point; I also neglected to read carefully what was going on with
> the pam.d files. It looks like GanGan has overridden the default
> include of system-auth and set up sshd on its own with a few
> modifications like pam_mkhomedir and pam_group.
> 
> Okay, the actual pam line that seems to allow local auth is:
> 
> account     sufficient    pam_localuser.so
> 
> There is also a flag in the "password    sufficient    pam_unix.so"
> line, "try_first_pass" that may affect local users.
> 
> --
> Chandler
> 
> On Jul 22, 2008, at 3:20 AM, Mertens, Bram wrote:
> 
>> Don't forget that using the system-config tools will overwrite any
>> changes you made to the config files!
>>
>> Regards
>>
>> Bram
>>
>>
>> -----Original Message-----
>>> From: rhn-users-bounces at redhat.com
>>> [mailto:rhn-users-bounces at redhat.com] On Behalf Of Chandler Wilkerson
>>> Sent: Saturday 19 July 2008 22:40
>>> To: Discussions about Red Hat Network (rhn.redhat.com)
>>> Subject: Re: [rhn-users] problem connection in local with account root
>>>
>>> The easiest way is via the system-config-authentication tool. In the
>>> options tab, select the option for "local authentication sufficient
>>> for local accounts"
>>>
>>> --
>>> Chandler Wilkerson
>>> Rice University
>>>
>>> On Jul 17, 2008, at 10:36 AM, GanGan wrote:
>>>
>>>> hello all
>>>>
>>>> I have a problem connecting locally to my RHEL 5.1 server with the
>>>> root account
>>>>
>>>> all the connection with ssh are good, root too
>>>> I use ldap for other account
>>>> the root account is not in ldap
>>>> my /etc/nsswitch.conf
>>>> passwd:     files [SUCCESS=return] ldap
>>>> shadow:     files [SUCCESS=return] ldap
>>>> group:      files [SUCCESS=return] ldap
>>>> when I delete ldap in my nsswitch.conf the connection local with the root account works well
>>>> I have modified /etc/pam.d/sshd no other files in /etc/pam.d/
>>>> my /etc/pam.d/sshd
>>>> auth        optional      pam_group.so
>>>> auth        required      pam_env.so
>>>> auth        sufficient    pam_unix.so likeauth
>>>> auth        sufficient    pam_ldap.so use_first_pass
>>>> auth        required      pam_deny.so
>>>> auth        required      pam_warn.so
>>>>
>>>> account     sufficient    pam_unix.so
>>>> account     sufficient    pam_ldap.so ignore_unknown_user
>>>> account     required      pam_deny.so
>>>> account     required      pam_warn.so
>>>>
>>>> password    required      pam_cracklib.so retry=2 minlen=8
>>>> password    sufficient    pam_unix.so use_authok md5 shadow
>>>> password    sufficient    pam_ldap.so use_authok
>>>> password    required      pam_deny.so
>>>> password    required      pam_warn.so
>>>>
>>>> session     optional      pam_mkhomedir.so skel=/etc/skel/ umask=077 silent
>>>> session     required      pam_limits.so
>>>> session     optional      pam_ldap.so ignore_unknown_user
>>>> session     required      pam_warn.so
>>>> someone could help me
>>>> - GanGan -
--  

 Samuel SALSON.
-- 
- GanGan -
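
The replies above turn on which `sufficient` line ends a PAM stack for a local account. As an added example (not part of the thread and not PAM's own code), this Python script walks the auth and account lines of the /etc/pam.d/sshd file posted above under constructed module outcomes. The names `parse`, `evaluate` and the outcome tables are hypothetical, and only the keyword controls (required, requisite, sufficient, optional) are modelled.

```python
# Added example: simplified walk of a PAM stack (keyword controls only).
# Bracketed controls such as [success=1 default=ignore] are skipped.
SSHD_STACK = """\
auth        optional      pam_group.so
auth        required      pam_env.so
auth        sufficient    pam_unix.so likeauth
auth        sufficient    pam_ldap.so
auth        required      pam_deny.so
auth        required      pam_warn.so
account     sufficient    pam_localuser.so
account     sufficient    pam_unix.so
account     sufficient    pam_ldap.so
account     required      pam_deny.so
account     required      pam_warn.so
"""
ALWAYS_FAIL = {"pam_deny.so"}  # pam_deny never succeeds

def parse(text):
    """Return (type, control, module) for each keyword-controlled rule."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and not fields[1].startswith("["):
            rules.append(tuple(fields[:3]))
    return rules

def evaluate(rules, mtype, results):
    """Walk one stack. results maps module -> bool (constructed outcomes);
    unlisted modules succeed. Returns (allowed, deciding_module)."""
    first_failure = None
    for rtype, control, module in rules:
        if rtype != mtype or control == "optional":
            continue
        ok = module not in ALWAYS_FAIL and results.get(module, True)
        if ok and control == "sufficient" and first_failure is None:
            return True, module          # success ends the stack here
        if not ok and control == "requisite":
            return False, first_failure or module
        if not ok and control == "required" and first_failure is None:
            first_failure = module       # remembered; the stack keeps running
    return first_failure is None, first_failure

RULES = parse(SSHD_STACK)
# Constructed outcomes: root exists only in local files, ALICE only in LDAP.
ROOT = {"pam_unix.so": True, "pam_localuser.so": True, "pam_ldap.so": False}
ALICE = {"pam_unix.so": False, "pam_localuser.so": False, "pam_ldap.so": True}
NEITHER = {"pam_unix.so": False, "pam_localuser.so": False, "pam_ldap.so": False}
```

Running the same walk over the system-auth lines shows which module decides a console login, since that path does not read /etc/pam.d/sshd.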