needed, PAM && LDAP help
I was following the thread on using LDAP to handle authentication of clients,
and I am having a lot of trouble getting things to work.
First I created a new testing account:
    # adduser testing
Second, I downloaded the conversion tools, turned off shadow passwords, and
updated my LDAP database.
Using ldapsearch, I verified that all the accounts had been transferred over. I
then downloaded the pam_ldap modules, and changed /etc/pam.d/other to:
    auth      sufficient  pam_ldap.so
    auth      required    pam_unix_auth.so try_first_pass
    account   required    pam_unix_acct.so
    password  required    pam_unix_passwd.so shadow
    session   required    pam_unix_session.so
Note: there is not an /etc/pam.d/login file.
I also changed the /etc/pam_ldap.conf so that it had the correct search base,
and also used LDAP v 3.
Then I deleted the test account from /etc/password, /etc/shadow etc.
But I was not able to log in with the test account.
Have I left out some steps? Do I need some special PAMified getty or something?
I also decided to try and see if PAM was working at all, so I copied
/etc/pam.d/other to /etc/pam.d/login, and changed the file to read
    auth      required    pam_deny.so
    account   required    pam_unix_acct.so
    password  required    pam_unix_passwd.so shadow
    session   required    pam_unix_session.so
But even with PAM deny as the first module, I was still able to log in.
Why is that?
Do you know of any docs that I have missed?
TIA,
Bill Van Devender