On Fri, 2004-04-23 at 07:15, George Toft wrote:
> Has anyone set up a debian box to use LDAP for authentication? I tried
> it last night with mixed results:
> - LDAP is working fine: I can retrieve the entries, and the command
> getent shows entries from files and ldap.
> - I can't log in:
> - I can't change password:
> # passwd gtoft
> passwd: Critical error - immediate abort
> #
>
> I think my problem lies in my PAM configuration. If anyone has done
> this and wants to share their pam configs, I would be very appreciative.
>
> I have googled for the errors I've been getting and have retrieved 0
> hits consistently :( This seems to be trivial under RedHat (or so say
> all the web pages I found on the topic). Debian is another story.
----
RH AS 3
/etc/pam.d/system-auth #LDAP authentication
# cat system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore
service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
password required /lib/security/$ISA/pam_cracklib.so retry=3
type=
password sufficient /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
HTH
Craig
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)