Re: LDAP Authentication on Debian - help?

Author: George Toft
Date:  
To: plug-discuss
Subject: Re: LDAP Authentication on Debian - help?
Craig White wrote:
>
> On Fri, 2004-04-23 at 07:15, George Toft wrote:
> > Has anyone set up a debian box to use LDAP for authentication? I tried
> > it last night with mixed results:
> > - LDAP is working fine: I can retrieve the entries, and the command
> > getent shows entries from files and ldap.
> > - I can't log in:
> > - I can't change password:
> > # passwd gtoft
> > passwd: Critical error - immediate abort
> > #
> >
> > I think my problem lies in my PAM configuration. If anyone has done
> > this and wants to share their pam configs, I would be very appreciative.
> >
> > I have googled for the errors I've been getting and have retrieved 0
> > hits consistently :( This seems to be trivial under RedHat (or so say
> > all the web pages I found on the topic). Debian is another story.
> ----
> RH AS 3
> /etc/pam.d/system-auth #LDAP authentication
>
> # cat system-auth
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth        required      /lib/security/$ISA/pam_env.so
> auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
> auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
> auth        required      /lib/security/$ISA/pam_deny.so
>
> account     required      /lib/security/$ISA/pam_unix.so
> account     [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
>
> password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
> password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
> password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
> password    required      /lib/security/$ISA/pam_deny.so
>
> session     required      /lib/security/$ISA/pam_limits.so
> session     required      /lib/security/$ISA/pam_unix.so
> session     optional      /lib/security/$ISA/pam_ldap.so
>
> HTH
>
> Craig
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss



Thank you!  I'm doing this on a Debian system first, then a RH system. 
The comments at the top of the config tell me quite a bit :)
-- 
George Toft           +---------------------------------------------+
CISSP, MSIS           | Kerckhoffs' Principle: If the cryptographic |
CTO/Computer Security | algorithm must remain secret in order for   |
AGD,LLC               | the system to be secure, then the system is |
www.agdllc.com        | less secure.                                |
623-203-1760          +---------------------------------------------+
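
How the auth lines of the quoted system-auth resolve for a local user, an LDAP-only user and an unknown user, as an added example that is not part of either message. It is a simplified model of PAM's control flags; the module outcomes are constructed inputs, and a module with no outcome listed is treated as returning "ignore".

```python
# Simplified model of PAM control flags (added example, not from the thread).
# No real PAM modules are called; outcomes are constructed inputs.

AUTH_STACK = [  # auth lines of the quoted system-auth, in file order
    ("required",   "pam_env"),
    ("sufficient", "pam_unix"),
    ("sufficient", "pam_ldap"),
    ("required",   "pam_deny"),
]

def evaluate(stack, outcomes):
    """Return (granted, modules_consulted) for one authentication attempt.

    outcomes maps module name -> True (success) or False (failure).
    A module missing from outcomes is modelled as "ignore".
    pam_deny always fails.
    """
    failed_required = False
    any_ok = False
    consulted = []
    for control, module in stack:
        consulted.append(module)
        ok = False if module == "pam_deny" else outcomes.get(module)
        if ok is None:
            continue                      # ignored: no effect on the result
        any_ok = any_ok or ok
        if not ok and control == "requisite":
            return False, consulted       # fail at once
        if not ok and control == "required":
            failed_required = True        # remember it, keep walking
        if ok and control == "sufficient" and not failed_required:
            return True, consulted        # granted, rest of stack skipped
        # a failed "sufficient" or any "optional" result changes nothing
    return any_ok and not failed_required, consulted

def scenarios():
    """Three constructed login attempts against AUTH_STACK."""
    local = evaluate(AUTH_STACK, {"pam_unix": True})
    ldap_only = evaluate(AUTH_STACK, {"pam_unix": False, "pam_ldap": True})
    unknown = evaluate(AUTH_STACK, {"pam_unix": False, "pam_ldap": False})
    return local, ldap_only, unknown

if __name__ == "__main__":
    for name, (granted, consulted) in zip(("local", "ldap-only", "unknown"), scenarios()):
        print(f"{name:10} granted={granted} consulted={consulted}")
```

In the quoted file, `use_first_pass` makes pam_ldap reuse the password pam_unix already prompted for, so the LDAP-only case costs the user one prompt, not two.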