LinuxQuestions.org
Old 04-28-2005, 01:11 PM   #1
SheldonPlankton
pam.d/system-auth and LDAP?


Hi,

I want to be able to authenticate users against my LDAP server on my RedHat systems. Or, more directly to the point, I want the LDAP server to verify users' passwords, and I want users to get account information (shell and home dir) from the old /etc/passwd file.

I figured I need to muck around with /etc/pam.d/system-auth file that
was modified by authconfig.

authconfig left my /etc/pam.d/system-auth file looking like
Code:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth       required       /lib/security/$ISA/pam_env.so
auth       sufficient      /lib/security/$ISA/pam_unix.so likeauth nullok
auth       sufficient      /lib/security/$ISA/pam_env.so use_first_pass
auth       required       /lib/security/$ISA/pam_env.so

account  required        /lib/security/$ISA/pam_unix.so
account  [default=bad success=ok user_unknow=ignore service_err=ignore system_err=ignore] require         /lib/security/$ISA/pam_ldap.so

password       required       /lib/security/$ISA/pam_cracklib.so retry=3 type=
password       sufficient      /lib/security/$ISA/pam_unix.so nullok use_authok md5 shadow
password       sufficient      /lib/security/$ISA/pam_ldap.so use_authok
password       required       /lib/security/$ISA/pam_deny.so

session       required          /lib/security/$ISA/pam_limits.so
session       required          /lib/security/$ISA/pam_unix.so
session       required          /lib/security/$ISA/pam_ldap.so

With this system-auth I would get shell and home dir info from LDAP. The password in my /etc/shadow was no longer being used and I had to use the password I stored in LDAP.

This is not what I wanted. So I changed my system-auth by hand to this ...
Code:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth       required       /lib/security/$ISA/pam_env.so
auth       sufficient      /lib/security/$ISA/pam_unix.so likeauth nullok
auth       sufficient      /lib/security/$ISA/pam_env.so use_first_pass
auth       required       /lib/security/$ISA/pam_env.so

account  required        /lib/security/$ISA/pam_unix.so

password       required       /lib/security/$ISA/pam_cracklib.so retry=3 type=
password       sufficient      /lib/security/$ISA/pam_unix.so nullok use_authok md5 shadow
password       sufficient      /lib/security/$ISA/pam_ldap.so use_authok
password       required       /lib/security/$ISA/pam_deny.so

session       required          /lib/security/$ISA/pam_limits.so
session       required          /lib/security/$ISA/pam_unix.so

Now I get user shell and home dir from /etc/passwd and not LDAP, but I am able to log in with the password I stored in LDAP and the password I stored in my /etc/shadow ???

A little help please
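
The either-password behaviour described in the post is what two consecutive `sufficient` auth lines produce. The sketch below is an added example, not part of the original post: a simplified Python model of PAM control flags, run on a constructed auth stack that assumes the second `sufficient` line loads pam_ldap.so and that the stack ends in pam_deny.so. The names `run_stack`, `login`, `AS_POSTED` and `LDAP_ONLY` are hypothetical.

```python
# Added example: simplified model of Linux-PAM control flags (not from the thread).
def run_stack(stack, results):
    """stack: [(control, module)]; results: module -> 'success' | 'fail' | 'ignore'.
    Returns True when the stack as a whole authenticates the user."""
    failed_required = False  # a 'required' module has already failed
    any_success = False      # some module has returned success
    for control, module in stack:
        outcome = results.get(module, "ignore")
        if outcome == "ignore":
            continue                      # module takes no part in the decision
        if control == "sufficient":
            if outcome == "success" and not failed_required:
                return True               # short-circuit: later lines never run
        elif control == "requisite" and outcome == "fail":
            return False                  # fail immediately
        elif control in ("required", "requisite"):
            if outcome == "fail":
                failed_required = True    # remembered, but the stack keeps running
            else:
                any_success = True
        elif control == "optional" and outcome == "success":
            any_success = True
    return any_success and not failed_required

# Constructed auth stack modelled on the hand-edited system-auth in the post.
# Assumption: the second 'sufficient' line is pam_ldap.so and the last is pam_deny.so.
AS_POSTED = [
    ("required", "pam_env.so"),
    ("sufficient", "pam_unix.so"),
    ("sufficient", "pam_ldap.so"),
    ("required", "pam_deny.so"),
]
# Variant for comparison: pam_unix.so removed from auth, so only LDAP checks passwords.
LDAP_ONLY = [line for line in AS_POSTED if line[1] != "pam_unix.so"]

def login(stack, shadow_ok, ldap_ok):
    """Evaluate a login given which password store accepts the typed password."""
    results = {
        "pam_env.so": "ignore",   # modelled as not deciding authentication
        "pam_unix.so": "success" if shadow_ok else "fail",
        "pam_ldap.so": "success" if ldap_ok else "fail",
        "pam_deny.so": "fail",    # always fails: the catch-all at the end
    }
    return run_stack(stack, results)

if __name__ == "__main__":
    for name, stack in (("as posted", AS_POSTED), ("LDAP only", LDAP_ONLY)):
        for shadow_ok, ldap_ok in ((True, False), (False, True), (False, False)):
            print(name, shadow_ok, ldap_ok, "->", login(stack, shadow_ok, ldap_ok))
```

In the LDAP-only variant, accounts that exist only in the local files (root, for example) can no longer authenticate, because pam_ldap.so has no directory entry to check them against. Where the shell and home directory come from is decided by the passwd line in /etc/nsswitch.conf, not by the PAM stack.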
 
  


All times are GMT -5.