[SLE] pam_ldap

From: SUBREDU Manuel (diablo_at_iasi.roedu.net)
Date: 08/30/04

    To: suse-linux-e@suse.com
    Date: Tue, 31 Aug 2004 00:08:14 +0300

    Hi,

    I have the following setup: 2 SuSE 9.1 machines, updated. One is the
    LDAP server and the second one is the machine on which I want to log in
    using LDAP accounts. I have an objectClass uaicCont with all the fields
    from posixAccount and shadowAccount.
    When I log on to the second machine and try to change the password using
    the passwd command, the userPassword is changed to the new password, but the
    shadowLastChange field on the LDAP server doesn't change.
     The /etc/openldap/ldap.conf looks like this:

    ...
    # Filter to AND with uid=%s
    pam_filter objectclass=uaicCont

    pam_login_attribute uid

    nss_map_objectclass posixAccount uaicCont
    nss_map_objectclass shadowAccount uaicCont

    nss_base_passwd <my base dn>?one
    nss_base_shadow <my base dn>?one
    ...

     Also, another weird thing is that when I log in, I must type the
    password twice. The first prompt is simply "password", and the second
    prompt is "LDAP password".
     The /etc/pam.d/ssh and /etc/pam.d/passwd look like this:

     ssh:
    #%PAM-1.0
    auth required pam_unix2.so # set_secrpc
    auth required pam_nologin.so
    auth required pam_env.so
    auth sufficient pam_ldap.so
    account required pam_unix2.so
    account required pam_nologin.so
    password required pam_pwcheck.so
    password required pam_unix2.so use_first_pass use_authtok
    password required pam_ldap.so use_authtok
    session required pam_unix2.so none # trace or debug
    session required pam_limits.so
    # Enable the following line to get resmgr support for
    # ssh sessions (see /usr/share/doc/packages/resmgr/README.SuSE)
    #session optional pam_resmgr.so fake_ttyname

     passwd:
    #%PAM-1.0
    auth sufficient /lib/security/pam_ldap.so
    auth required pam_unix2.so nullok
    account sufficient /lib/security/pam_ldap.so
    account required pam_unix2.so
    password sufficient /lib/security/pam_ldap.so use_first_pass use_authtok
    password required pam_pwcheck.so nullok
    password required pam_unix2.so nullok use_first_pass use_authtok
    #password required pam_make.so /var/yp
    session required pam_unix2.so

    Any ideas?
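The double prompt described in the post follows from how Linux-PAM chains the auth modules: every password module that lacks use_first_pass or try_first_pass asks for a password itself, so a required pam_unix2 followed by a sufficient pam_ldap prompts twice for everyone. The script below is an added example (not code from the post or from the pam_ldap project): it parses the auth section of a /etc/pam.d service file, walks the stack with the classic control flags, and reports the prompt count and result for a constructed LDAP-only user and a constructed local user. The reordered stack it compares against is an assumption of a common fix (LDAP first, pam_unix2 reusing the token), not something the post states. The module pass/fail outcomes are scenario inputs because they depend on the account; the prompt count does not.

```python
"""Walk a Linux-PAM 'auth' stack to see why a user is prompted twice.

Added example, not part of the original post. It models the classic
control flags (required / requisite / sufficient / optional) and counts
password prompts: a password module prompts unless use_first_pass or
try_first_pass lets it reuse a token collected by an earlier module.
"""
from dataclasses import dataclass

# Modules that ask for a password when no earlier token is reused.
# Assumption: pam_unix2 and pam_ldap are the only prompting modules here.
PROMPTING = {"pam_unix2.so", "pam_ldap.so"}


@dataclass
class Rule:
    control: str
    module: str
    args: tuple


def parse_auth_rules(text):
    """Return the 'auth' rules from the body of a /etc/pam.d/<service> file."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments such as "# set_secrpc"
        if not line:
            continue
        parts = line.split()
        if parts[0] != "auth" or len(parts) < 3:
            continue
        module = parts[2].rsplit("/", 1)[-1]      # "/lib/security/pam_ldap.so" -> "pam_ldap.so"
        rules.append(Rule(parts[1], module, tuple(parts[3:])))
    return rules


def run_auth(rules, outcomes):
    """Evaluate the stack. outcomes maps module -> True (pass) / False (fail).

    Returns (authenticated, [modules that prompted for a password]).
    """
    prompts = []
    have_token = False
    required_failed = False
    for r in rules:
        ok = outcomes.get(r.module, True)         # non-password modules simply pass
        if r.module in PROMPTING:
            if "use_first_pass" in r.args:
                if not have_token:
                    ok = False                    # nothing to reuse: the module fails
            elif "try_first_pass" in r.args and have_token:
                pass                              # silently reuse the earlier token
            else:
                prompts.append(r.module)          # a fresh "Password:" prompt
                have_token = True
        if r.control == "requisite" and not ok:
            return False, prompts                 # requisite failure ends the stack
        if r.control == "required" and not ok:
            required_failed = True                # remembered, but the stack continues
        if r.control == "sufficient" and ok and not required_failed:
            return True, prompts                  # sufficient success short-circuits
    return not required_failed, prompts


# Auth section of the poster's /etc/pam.d/ssh, copied from the question.
POSTED_SSH = """
auth required pam_unix2.so # set_secrpc
auth required pam_nologin.so
auth required pam_env.so
auth sufficient pam_ldap.so
"""

# Reordered stack (assumption, a common fix; not from the post): try LDAP
# first, and let pam_unix2 reuse the token instead of asking again.
REORDERED_SSH = """
auth required pam_env.so
auth required pam_nologin.so
auth sufficient pam_ldap.so
auth required pam_unix2.so use_first_pass
"""

# Constructed scenarios. Whether pam_unix2 accepts an LDAP-only user depends
# on what nss_ldap returns for the shadow entry; either way it still prompts.
LDAP_ONLY_USER = {"pam_unix2.so": False, "pam_ldap.so": True}
LOCAL_USER = {"pam_unix2.so": True, "pam_ldap.so": False}


def prompt_count(config, outcomes):
    """How many password prompts a user with these outcomes sees."""
    return len(run_auth(parse_auth_rules(config), outcomes)[1])


if __name__ == "__main__":
    for name, cfg in (("posted", POSTED_SSH), ("reordered", REORDERED_SSH)):
        for who, out in (("ldap user", LDAP_ONLY_USER), ("local user", LOCAL_USER)):
            ok, prompts = run_auth(parse_auth_rules(cfg), out)
            print(f"{name:9} {who:10} auth={ok!s:5} prompts={prompts}")
```

With the posted stack both kinds of user are prompted twice; with the reordered stack each is prompted once, and the local user still authenticates because pam_unix2 reuses the token via use_first_pass. The same walk applied to the posted passwd file's auth section (sufficient pam_ldap, then required pam_unix2 without use_first_pass) also yields two prompts for a local user. The shadowLastChange question is separate from the prompt ordering: pam_ldap writes that attribute with the same bind it used to change userPassword, so it is worth checking (this is an assumption about the usual cause, not something the post confirms) that the server's ACL grants the user write access to shadowLastChange and not only to userPassword.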
