LinuxQuestions.org
01-23-2005, 07:33 PM   #1
da_kidd_er
LDAP Authentication and su


Hi,

I'm using RHEL3 and set it up as an LDAP client. We're having problems with PAM and su.

We use LDAP authentication. We use authconfig to enable LDAP authorization and authentication. We set our LDAP host and search path. We also add 'session optional /lib/security/pam_mkhomedir.so' to /etc/pam.d/system-auth.

Logging in with LDAP based accounts works fine. When you su, there is a segfault. You can see that the authentication was granted in the syslog, but the shell never starts up.

For example:

[gary.richardson@virt-001 gary.richardson]$ su -
Password:
Segmentation fault

Jan 10 16:35:50 virt-001 su(pam_unix)[26440]: session opened for user root by gary.richardson(uid=4008)
Jan 10 16:35:51 virt-001 su(pam_unix)[26440]: session closed for user root

Our /etc/pam.d/system-auth is listed below:

# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so

password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
session required /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel/ umask=0077

Still gets the segfaults.

Any insights are really appreciated. Thanks.
 
12-27-2005, 12:24 PM   #2
Medievalist
Authconfig is broken. Don't use it. See bugzilla for more details.

Make sure you are patched up to date or mkhomedir.so will probably also be broken. I think there are also several updates to pam itself and at least one for su.

Use this for /etc/pam.d/system-auth:

#%PAM-1.0
# This file has been hand-edited.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so
account [default=bad success=ok authinfo_unavail=ignore user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so

password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /lib/security/$ISA/pam_unix.so use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
session required /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel umask=0077
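
To see exactly what the hand-edited file in the reply changes relative to the authconfig-generated one, the following added example (not part of either post) parses PAM rules, including the bracketed [value=action] control syntax, and reports the differences rule by rule. The sample input is an excerpt of four rules from each posted file, and the function names are this example's own.

```python
import os

# Constructed sample input: four rules excerpted from each posted system-auth
# (one unchanged rule plus the three that differ between the two posts).
BEFORE = """\
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
session required /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel/ umask=0077
"""
AFTER = """\
#%PAM-1.0
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
account [default=bad success=ok authinfo_unavail=ignore user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
password sufficient /lib/security/$ISA/pam_unix.so use_authtok md5 shadow
session required /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel umask=0077
"""

def parse_pam(text):
    """Map (type, module file name) -> (control tokens, args); assumes one rule per key."""
    rules = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drops comments and the #%PAM-1.0 header
        if not line:
            continue
        ptype, rest = line.split(None, 1)
        if rest.startswith("["):               # [value=action ...] control syntax
            control, rest = rest[1:].split("]", 1)
        else:                                  # simple keyword: required, sufficient, ...
            control, rest = rest.split(None, 1)
        module, *args = rest.split()
        rules[(ptype, os.path.basename(module))] = (set(control.split()), set(args))
    return rules

def diff_stacks(before, after):
    """Return (type, module, field, added, removed) for every rule that differs."""
    old, new = parse_pam(before), parse_pam(after)
    changes = []
    for key in sorted(old.keys() | new.keys()):
        o = old.get(key, (set(), set()))
        n = new.get(key, (set(), set()))
        for field, a, b in (("control", o[0], n[0]), ("args", o[1], n[1])):
            if a != b:
                changes.append((*key, field, sorted(b - a), sorted(a - b)))
    return changes

if __name__ == "__main__":
    for change in diff_stacks(BEFORE, AFTER):
        print(change)
```

On the excerpt it reports three changes: authinfo_unavail=ignore added to the account pam_ldap.so control, nullok removed from the password pam_unix.so arguments, and the trailing slash dropped from skel=/etc/skel/ on pam_mkhomedir.so.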
 
  

