Re: LDAP Authentication on Debian - help?

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMTony Wasson at <-
MMGeorge Toft at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: George Toft
Date:  
To: plug-discuss
Subject: Re: LDAP Authentication on Debian - help?
Craig White wrote:
>
> On Fri, 2004-04-23 at 07:15, George Toft wrote:
> > Has anyone set up a debian box to use LDAP for authentication? I tried
> > it last night with mixed results:
> > - LDAP is working fine: I can retrieve the entries, and the command
> > getent shows entries from files and ldap.
> > - I can't log in:
> > - I can't change password:
> > # passwd gtoft
> > passwd: Critical error - immediate abort
> > #
> >
> > I think my problem lies in my PAM configuration. If anyone has done
> > this and wants to share their pam configs, I would be very appreciative.
> >
> > I have googled for the errors I've been getting and have retrieved 0
> > hits consistently :( This seems to be trivial under RedHat (or so say
> > all the web pages I found on the topic). Debian is another story.
> ----
> RH AS 3
> /etc/pam.d/system-auth #LDAP authentication
> 
> # cat system-auth
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth        required      /lib/security/$ISA/pam_env.so
> auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
> auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
> auth        required      /lib/security/$ISA/pam_deny.so

> 
> account     required      /lib/security/$ISA/pam_unix.so
> account     [default=bad success=ok user_unknown=ignore
> service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so

> 
> password    required      /lib/security/$ISA/pam_cracklib.so retry=3
> type=
> password    sufficient    /lib/security/$ISA/pam_unix.so nullok
> use_authtok md5 shadow
> password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
> password    required      /lib/security/$ISA/pam_deny.so

> 
> session     required      /lib/security/$ISA/pam_limits.so
> session     required      /lib/security/$ISA/pam_unix.so
> session     optional      /lib/security/$ISA/pam_ldap.so

>
> HTH
>
> Craig
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss 


Thank you!  I'm doing this on a Debian system first, then a RH system. 
The comments at the top of the config tells me quite a bit :)
-- 
George Toft           +---------------------------------------------+
CISSP, MSIS           | Kerckhoffs' Principle: If the cryptographic |
CTO/Computer Security | algorithm must remain secret in order for   |
AGD,LLC               | the system to be secure, then the system is |
www.agdllc.com        | less secure.                                |
623-203-1760          +---------------------------------------------+
---------------------------------------------------
PLUG-discuss mailing list - 
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: HTML tablesRe: LDAP Authentication on Debian - help?->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)