
needed, PAM && LDAP help





I was following the thread on using LDAP to handle authentication of clients,
and I am having a lot of trouble getting things to work.

First I created a new testing account

# adduser testing

Second, I downloaded the conversion tools, turned off shadow passwords, and 
updated my LDAP database.

Using ldapsearch, I verified that all the accounts had been transferred over. I 
then downloaded the pam_ldap modules, and changed /etc/pam.d/other to: 

auth     sufficient     pam_ldap.so
auth     required       pam_unix_auth.so     try_first_pass
account  required       pam_unix_acct.so
password required       pam_unix_passwd.so   shadow
session  required       pam_unix_session.so

Note: there is not an /etc/pam.d/login file.

I also changed the /etc/pam_ldap.conf so that it had the correct search base,
and also used LDAP v 3.

Then I deleted the test account from /etc/password, /etc/shadow etc.

But I was not able to login with the test account.

Have I left out some steps?  Do I need some special PAMified getty or something?

I also decided to try and see if PAM was working at all, so I copied
/etc/pam.d/other to /etc/pam.d/login, and changed the file to read

auth     required       pam_deny.so     
account  required       pam_unix_acct.so
password required       pam_unix_passwd.so   shadow
session  required       pam_unix_session.so

But even with PAM deny as the first module, I still was able to login.
Why is that?  

Do you know of any docs that I have missed? 

TIA,

Bill Van Devender
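
How a PAM-aware application would evaluate the two auth stacks quoted in the message above, as an added example that is not part of the original post. It is a simplified model of the Linux-PAM control flags (required, requisite, sufficient, optional); the function names and the per-module results are assumptions constructed for illustration.

```python
# Added example: simplified model of Linux-PAM control flags.
# Module results are constructed inputs, not output from a real system.

OTHER = """\
auth     sufficient     pam_ldap.so
auth     required       pam_unix_auth.so     try_first_pass
account  required       pam_unix_acct.so
"""

LOGIN = """\
auth     required       pam_deny.so
account  required       pam_unix_acct.so
"""

def parse_stack(text, facility):
    """Return [(control, module), ...] for one facility of a pam.d file."""
    stack = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, results):
    """True if the stack succeeds; results maps module name -> bool."""
    failed = positive = False
    for control, module in stack:
        ok = results[module]
        if ok:
            if not failed:
                positive = True
                if control == "sufficient":
                    return True   # short-circuit: later modules never run
        elif control == "requisite":
            return False          # fail immediately
        elif control == "required":
            failed = True         # remember failure, keep running the stack
        # a failed "sufficient" or "optional" module is ignored
    return positive and not failed

def auth_result(config, results):
    return evaluate(parse_stack(config, "auth"), results)

if __name__ == "__main__":
    ldap_only = {"pam_ldap.so": True, "pam_unix_auth.so": False}
    neither = {"pam_ldap.so": False, "pam_unix_auth.so": False}
    print("other, LDAP accepts password:", auth_result(OTHER, ldap_only))
    print("other, both reject:", auth_result(OTHER, neither))
    print("login, pam_deny first:", auth_result(LOGIN, {"pam_deny.so": False}))
```

The auth stack is only one facility: a login also has to pass the account stack, which is evaluated separately with the same rules.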

