
Re: [pamldap] pam_ldap.so and Debian...making it work!



I noticed that the common-session is included under the login config, although I can't think of what session would have to do with user authentication.

Also, since there are "auth" lines in the login config, perhaps I should include the pam_ldap.so at the top of the login config?

**I included comments showing how the respective config file is set.**

Debian Testing /etc/pam.d/login:
auth        requisite        pam_securetty.so     #Disallows root logins except on tty's..
auth        requisite        pam_nologin.so     #Disallows other than root logins when /etc/nologin exists
auth        required        pam_env.so          #Parses /etc/environment

@include    common-auth                   #auth    required    pam_login.so
@include    common-account             #account     required    pam_login.so
@include    common-session             #session    required    pam_unix.so

session        optional    pam_lastlog.so # prints last login info upon successful login
session        optional    pam_motd.so  # prints the motd upon successful login
session        optional    pam_mail.so    standard    noenv # prints status of users mbx upon login


Is there a "test" that would ensure that pam_ldap.so is being called?  Just looking at the auth.log is not providing much except pam_unix.so entries.

Thanks,
Tim Jordan

On Thu, 2004-04-29 at 16:23, Joshua McClintock wrote:
Even though you changed this in the common-* pam configs,
/etc/pam.d/login is probably not 'including' the common configs.

If you are trying to login via the console (tty), I believe the getty calls
login which uses /etc/pam.d/login.

On Thu, 2004-04-29 at 03:54, Tim Jordan wrote:
> I'm having a frustrating day trying to get my one box that is running
> Openldap to use pam_ldap.so for authentication via slapd.
> 
> Running Debian Testing.
> 
> I have configured openldap properly.  I can search and have already
> migrated local accounts up to Openldap.
> 
> I can see my directory nicely using GQ.
> 
> I have modified the
> /etc/pam.d/common-auth...common-password...common-account..
> respectively to reflect:
> 
> auth          required     pam_ldap.so
> account     required    pam_ldap.so
> password   required     pam_ldap.so
> 
> I have restarted the server then logged in with my user account (tim).
> 
> I then reviewed the /var/log/auth.log and see that authentication is
> still using pam_unix.so.  It's really confusing to understand this
> because I commented out all the pam_unix.so for the pam.d config files
> above.
> 
> If anyone can advise me on a good method for troubleshooting pam_ldap
> or perhaps enlighten me if Debian does things differently than using
> the common-* config files.
> 
> Thank you,
> Tim Jordan
> 
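
One way to check from the configuration side whether pam_ldap.so is in the stack a service actually uses, as an added example that is not part of the original messages: expand the @include lines of a service file and list the modules in the order they appear. The sample files and the service name legacy-svc are constructed, and only Debian-style @include lines are expanded.

```python
import os
import tempfile

def effective_stack(service, pam_dir="/etc/pam.d", _chain=()):
    """Expand @include lines; return [(type, control, module, file)] in stack order."""
    if service in _chain:                       # include loop: stop descending
        return []
    entries = []
    with open(os.path.join(pam_dir, service)) as fh:
        for raw in fh:
            fields = raw.split("#", 1)[0].split()    # drop comments, tokenize
            if len(fields) >= 2 and fields[0] == "@include":
                entries += effective_stack(fields[1], pam_dir, _chain + (service,))
            elif len(fields) >= 3:
                mtype, rest = fields[0].lstrip("-"), fields[1:]
                if rest[0].startswith("["):     # control like [success=1 default=ignore]
                    end = next((i for i, f in enumerate(rest) if f.endswith("]")),
                               len(rest) - 1)
                    rest = [" ".join(rest[:end + 1])] + rest[end + 1:]
                if len(rest) >= 2:
                    entries.append((mtype, rest[0], rest[1], service))
    return entries

def modules_for(service, mtype, pam_dir="/etc/pam.d"):
    """Modules listed for one management group (auth, account, session, password)."""
    return [m for t, _, m, _ in effective_stack(service, pam_dir) if t == mtype]

def demo():
    """Constructed sample files modelled on the listing in this thread."""
    files = {
        "login": "auth requisite pam_securetty.so\n@include common-auth\n"
                 "@include common-account\nsession optional pam_motd.so\n",
        "common-auth": "#auth required pam_unix.so\nauth required pam_ldap.so\n",
        "common-account": "account required pam_ldap.so\n",
        # constructed service that never includes the common-* files
        "legacy-svc": "auth required pam_unix.so\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, body in files.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write(body)
        return {svc: modules_for(svc, "auth", d) for svc in ("login", "legacy-svc")}

if __name__ == "__main__":
    for svc, mods in demo().items():
        print(svc, "auth stack:", mods, "| pam_ldap.so listed:", "pam_ldap.so" in mods)
```

On a real host, `modules_for("login", "auth")` reads /etc/pam.d directly; a service whose list lacks pam_ldap.so will keep producing only pam_unix.so entries in auth.log regardless of what common-auth says.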
