LDAP Authentication and su
Hi,
I'm using RHEL 3 and set it up as an LDAP client. We're having problems with PAM and su.
We use LDAP authentication. We use authconfig to enable LDAP authorization and authentication. We set our LDAP host and search path. We also add 'session optional /lib/security/pam_mkhomedir.so' to /etc/pam.d/system-auth.
Logging in with LDAP-based accounts works fine. When you su, there is a segfault. You can see in the syslog that the authentication was granted, but the shell never starts up.
For example:
[gary.richardson@virt-001 gary.richardson]$ su -
Password:
Segmentation fault
Jan 10 16:35:50 virt-001 su(pam_unix)[26440]: session opened for user root by gary.richardson(uid=4008)
Jan 10 16:35:51 virt-001 su(pam_unix)[26440]: session closed for user root
Our /etc/pam.d/system-auth is listed below:
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
session required /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel/ umask=0077
We still get the segfaults.
Any insights are really appreciated. Thanks.