[Spacewalk-list] Spacewalk & pam_ldap
Andy Speagle
andy.speagle at wichita.edu
Tue Aug 25 16:56:07 UTC 2009
On Tue, 2009-08-25 at 11:28 -0500, Brandon Perkins wrote:
> So, this doesn't look right to me, I'd expect something more along the
> lines of:
>
> #%PAM-1.0
> auth required pam_env.so
> auth sufficient pam_ldap.so no_user_check
> auth required pam_deny.so
> account required pam_ldap.so no_user_check
>
> Notice the 'no_user_check's. My PAM is a bit rusty, so I don't recall
> exactly what this does. But comparing against all known working
> configurations against LDAP I see, this is the thing that stands out
> for me. There is also the outside chance (that if this is a 64-bit box)
> that the path to the library needs to be prepended with:
>
> /lib64/security/
I can't imagine that this is necessary... since none of the other PAM
config files include it... and it doesn't yell at me about them being
missing.
> So it's more like:
>
> #%PAM-1.0
> auth required /lib64/security/pam_env.so
> auth sufficient /lib64/security/pam_ldap.so no_user_check
> auth required /lib64/security/pam_deny.so
> account required /lib64/security/pam_ldap.so no_user_check
When I use "no_user_check" in my config... I see the following error
in /var/log/messages:
Aug 25 11:36:20 apptest-507 java: illegal option no_user_check
> You should also take a look at /var/log/tomcat/catalina.out when
> trying to log into the Web interface with this user to see if there is
> anything interesting being reported at the Satellite level.
The tomcat error that came out of this was:
# tail -n 0 -f /var/log/tomcat5/catalina.out
2009-08-25 11:34:27,291 [TP-Processor5] WARN
com.redhat.rhn.domain.user.legacy.LegacyRhnUserImpl - PAM login for user
User <myuser> (id 21, org_id 1) failed with error Authentication
failure.
> Good luck!
> Brandon
Thanks... any thoughts on where to go from here? I can't seem to get
any verbose logging from PAM... despite appending "debug" to the
pam_ldap.so lines.
--
Andy Speagle
"THE Student" - UCATS
Wichita State University