Craig White wrote:
>
> On Fri, 2004-04-23 at 07:15, George Toft wrote:
> > Has anyone set up a debian box to use LDAP for authentication? I tried
> > it last night with mixed results:
> > - LDAP is working fine: I can retrieve the entries, and the command
> >   getent shows entries from files and ldap.
> > - I can't log in:
> > - I can't change password:
> > # passwd gtoft
> > passwd: Critical error - immediate abort
> > #
> >
> > I think my problem lies in my PAM configuration. If anyone has done
> > this and wants to share their pam configs, I would be very appreciative.
> >
> > I have googled for the errors I've been getting and have retrieved 0
> > hits consistently :( This seems to be trivial under RedHat (or so say
> > all the web pages I found on the topic). Debian is another story.
> ----
> RH AS 3
> /etc/pam.d/system-auth #LDAP authentication
>
> # cat system-auth
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth required /lib/security/$ISA/pam_env.so
> auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
> auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
> auth required /lib/security/$ISA/pam_deny.so
>
> account required /lib/security/$ISA/pam_unix.so
> account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
>
> password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
> password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
> password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
> password required /lib/security/$ISA/pam_deny.so
>
> session required /lib/security/$ISA/pam_limits.so
> session required /lib/security/$ISA/pam_unix.so
> session optional /lib/security/$ISA/pam_ldap.so
>
> HTH
>
> Craig
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Thank you! I'm doing this on a Debian system first, then a RH system.
The comments at the top of the config tell me quite a bit :)

--
George Toft             +---------------------------------------------+
CISSP, MSIS             | Kerckhoffs' Principle: If the cryptographic |
CTO/Computer Security   | algorithm must remain secret in order for   |
AGD,LLC                 | the system to be secure, then the system is |
www.agdllc.com          | less secure.                                |
623-203-1760            +---------------------------------------------+
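
The auth and account stacks Craig posted, run through a simplified model of Linux-PAM's control evaluation, to show which module decides the outcome in each case. This is an added example, not part of the original thread: the module return values passed to `evaluate` are constructed inputs, and jump counts and `PAM_IGNORE` module returns are not modelled.

```python
# Keyword controls in their bracket form, as documented in pam.conf(5).
KEYWORDS = {
    "required":   {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional":   {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}
# auth and account stacks from the message above (wrapped line rejoined).
AUTH = [
    "auth required /lib/security/$ISA/pam_env.so",
    "auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok",
    "auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass",
    "auth required /lib/security/$ISA/pam_deny.so",
]
ACCOUNT = [
    "account required /lib/security/$ISA/pam_unix.so",
    "account [default=bad success=ok user_unknown=ignore service_err=ignore "
    "system_err=ignore] /lib/security/$ISA/pam_ldap.so",
]

def parse_line(line):
    """Return (control map, module file name) for one 'type control module args' line."""
    rest = line.split(None, 1)[1]
    if rest.startswith("["):                      # bracket form: [value=action ...]
        body, rest = rest[1:].split("]", 1)
        control = dict(item.split("=") for item in body.split())
    else:                                         # keyword form
        keyword, rest = rest.split(None, 1)
        control = KEYWORDS[keyword]
    return control, rest.split()[0].rsplit("/", 1)[-1]

def evaluate(stack, results):
    """Walk a stack with per-module return values; return (status, modules run)."""
    status, failed, ran = None, False, []
    for line in stack:
        control, module = parse_line(line)
        ret = results[module]
        ran.append(module)
        action = control.get(ret, control["default"])
        if action in ("bad", "die"):
            if not failed:                        # first failure fixes the result
                status, failed = ret, True
            if action == "die":
                break
        elif action in ("ok", "done") and not failed:
            if status in (None, "success"):
                status = ret
            if action == "done":                  # e.g. a sufficient module succeeded
                break
    return status or "no_module_granted", ran
```

`evaluate(ACCOUNT, {"pam_unix.so": "success", "pam_ldap.so": "service_err"})` returns `success`: the bracket control ignores `service_err` and `system_err`, so when the directory is unreachable the account check rests on pam_unix alone.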