
Bug#268036: kdm requires /etc/passwd entry when using pam_ldap



I use ldap (server on localhost, no certificate, no encryption)
and have no problem with kdm.

A few ideas, though I don't think it will fix the problem you have:
- use_first_pass should not be used for session. We either use the unix
  env or the ldap one (shell and such).
- my common account is:
account    sufficient    pam_ldap.so
account    required      pam_unix.so
I guess you removed unix so they cannot login via ssh; I don't know if it
breaks something.


One comment about getpwnam:
"Since files is first for passwd, I'm assuming kdm is calling getpwnam
and returning failure before checking with the ldap server."


man getpwnam:
"The getpwnam() function returns a pointer to a structure containing
the broken out fields of a line from /etc/passwd for the entry that
matches the user name name.

The getpwuid() function returns a pointer to a structure containing
the broken out fields of a line from /etc/passwd for the entry that
matches the user uid uid."

but then:
"The user password database mostly refers to /etc/passwd. However,
with recent systems it also refers to network wide databases using
NIS, LDAP and other local files as configured in /etc/nsswitch.conf."

My understanding is that the first quote is obsolete and getpwnam does
retrieve info from all the databases and returns when it has found a
valid one.

So getpwnam only returns an entry from the ldap server if the user does
not exist in the /etc/passwd file.


I would guess that either the use_first_pass for session breaks kdm, the
user exists in the passwd file with a different password, or kdm requires
something that you don't have with the ldap account:
- a valid login shell
- the home directory to be available and have the right permissions
  (there is an option in gdm for it to check that; maybe kde does it by
  default).
When you create a local account with adduser those are created and set up
by the script, that's why I guess the problem may be there.


What is strange is that you have no debug output even with the pam rules
set to debug.

Regards
Alban
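As an added example (not part of the original mail), a small Python diagnostic that applies the checks suggested above: whether getpwnam resolves the account at all (through whatever /etc/nsswitch.conf lists, files before ldap), whether a local /etc/passwd line shadows the LDAP entry, and whether the login shell and home directory are usable. The function names and the /etc/shells check are my own assumptions, not anything kdm itself does.

```python
# Added example (not from the bug report): what does getpwnam() resolve for an
# account, and does it meet the prerequisites a display manager expects?
import os
import pwd
import stat

def valid_shells(path="/etc/shells"):
    """Login shells listed in /etc/shells; empty set if the file is missing."""
    try:
        with open(path) as fh:
            return {ln.strip() for ln in fh if ln.strip() and not ln.startswith("#")}
    except OSError:
        return set()

def in_local_passwd(username, path="/etc/passwd"):
    """True if `username` has a line in the local passwd file (read directly,
    bypassing NSS), i.e. a 'files' entry that would shadow an LDAP one."""
    try:
        with open(path) as fh:
            return any(ln.split(":", 1)[0] == username for ln in fh)
    except OSError:
        return False

def check_account(username, shells=None):
    """Resolve `username` via getpwnam (which walks nsswitch.conf: files,
    then ldap, ...) and list the reasons a login could still fail."""
    result = {"user": username, "found": False, "problems": []}
    try:
        pw = pwd.getpwnam(username)
    except KeyError:
        result["problems"].append("getpwnam returned no entry (neither files nor ldap)")
        return result
    result["found"] = True
    result["local_entry"] = in_local_passwd(username)  # shadows LDAP if True
    shells = valid_shells() if shells is None else shells
    if shells and pw.pw_shell not in shells:
        result["problems"].append(f"login shell {pw.pw_shell} is not in /etc/shells")
    try:
        st = os.stat(pw.pw_dir)
    except OSError:
        result["problems"].append(f"home directory {pw.pw_dir} does not exist")
        return result
    if not stat.S_ISDIR(st.st_mode):
        result["problems"].append(f"{pw.pw_dir} is not a directory")
    elif st.st_uid != pw.pw_uid:
        result["problems"].append(f"{pw.pw_dir} is owned by uid {st.st_uid}, not {pw.pw_uid}")
    return result
```

Run `check_account("someldapuser")` on the box where kdm fails: an empty `problems` list with `local_entry` False means NSS and the account prerequisites are fine and the fault is in the PAM stack instead.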




