hope it's the right place to post my request ...
I thought that I understood ldap/pam authentication, but there is
still a basic question:
The local login is doing fine with ldap, but what if the ldap-server
is not running? After shutting down slapd, no one is able to log in to
the machine. Probably it depends on pam, so there's the system-auth.
Maybe it's misconfigured?
/etc/pam.d/system-auth:
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so
If the config should be improved, please let me know. Even if it's the
wrong NG ...
Thanks,
Bastian
> hope it's the right place to post my request ...
I don't know :-)
> I thought that I understood ldap/pam authentication, but there is
> still a basic question:
>
> The local login is doing fine with ldap, but what if the ldap-server
> is not running? After shutting down slapd, no one is able to log in to
> the machine. Probably it depends on pam, so there's the system-auth.
> Maybe it's misconfigured?
Yes, I had the very same problem...
>..
> account [default=bad success=ok user_unknown=ignore
> service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
>...
Try to add "authinfo_unavail=ignore" within the brackets, it worked for
me. I don't remember where on the net I found this information.
Whenever you use RH80 or RH90, authconfig does not add this option!
Rgds.
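
Added example, not part of the original thread and not code from either poster: a small Python check that parses a PAM file and reports account rules for pam_ldap.so that still fail the stack when the module returns authinfo_unavail, which is the condition the reply's option addresses. The function names and the embedded sample are constructed for illustration, and treating a bracket control without default= as "bad" is an assumption of this example.

```python
import re

# Action each keyword control applies to failure return codes it does not
# name explicitly (from the bracket equivalents in pam.conf(5)).
KEYWORD_DEFAULT = {"required": "bad", "requisite": "die",
                   "sufficient": "ignore", "optional": "ignore"}

# type, control (keyword or [bracket list]), module path
RULE_RE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

# Constructed sample: the account rules from the post, one rule per line.
POSTED = """\
account required /lib/security/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
"""

def parse_rules(text):
    """Return (type, control, module) for every rule in a PAM file."""
    text = text.replace("\\\n", " ")  # join backslash line continuations
    rules = []
    for raw in text.splitlines():
        m = RULE_RE.match(raw.split("#", 1)[0].strip())  # drop comments
        if m:
            rules.append(m.groups())
    return rules

def action_for(control, retcode):
    """Resolve the action a control field takes for a failure return code."""
    if not control.startswith("["):
        return KEYWORD_DEFAULT.get(control, "bad")
    pairs = dict(p.split("=", 1) for p in control[1:-1].split() if "=" in p)
    # Assumption of this example: a bracket with no default= counts as bad.
    return pairs.get(retcode, pairs.get("default", "bad"))

def outage_lockouts(text, module="pam_ldap.so"):
    """Account rules for `module` that fail the stack on authinfo_unavail."""
    return [(typ, control, mod) for typ, control, mod in parse_rules(text)
            if typ == "account" and mod.endswith(module)
            and action_for(control, "authinfo_unavail") in ("bad", "die")]

if __name__ == "__main__":
    for rule in outage_lockouts(POSTED):
        print("fails when LDAP is unreachable:", " ".join(rule))
```

Run against the posted rules it reports the pam_ldap.so account line; with authinfo_unavail=ignore added inside the brackets it reports nothing.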