[Fwd: Re: [pamldap] pam_ldap.so and Debian...making it work!]

From: Tim Jordan <timothy_jordan@labor.state.ak.us>
Date: Thu Apr 29 2004 - 06:03:28 AKDT

I'm forwarding this to the group hoping someone is comfortable with pam
authentication under Debian. I'm working at getting pam_ldap.so to
perform so I can authenticate against my LDAP directory.
Please read and comment if possible.

Thanks,
TJ
-----Forwarded Message-----

> From: Tim Jordan <Timothy_Jordan@labor.state.ak.us>
> To: Joshua McClintock <joshm@singlestep.com>
> Cc: debian-testing <debian-testing@lists.debian.org>, pam_ldap
> <pamldap@padl.com>
> Subject: Re: [pamldap] pam_ldap.so and Debian...making it work!
> Date: Thu, 29 Apr 2004 06:01:02 -0800
>
> I noticed that the common-session is included under the login config,
> although I can't think of what session would have to do with user
> authentication.
>
> Also, since there are "auth" lines in the login config perhaps I should
> include the pam_ldap.so at the top of the login config?
>
> **I included comments showing how the respective config file is set.**
>
> Debian Testing /etc/pam.d/login:
> auth requisite pam_securetty.so   # Disallows root logins except on tty's..
> auth requisite pam_nologin.so     # Disallows other than root logins when /etc/nologin exists
> auth required pam_env.so          # Parses /etc/environment
>
> @include common-auth       # auth required pam_login.so
> @include common-account    # account required pam_login.so
> @include common-session    # session required pam_unix.so
>
> session optional pam_lastlog.so   # prints last login info upon successful login
> session optional pam_motd.so      # prints the motd upon successful login
> session optional pam_mail.so standard noenv   # prints status of user's mbx upon login
>
>
> Is there a "test" that would ensure that pam_ldap.so is being called?
> Just looking at the auth.log is not providing much except pam_unix.so
> entries.
>
> Thanks,
> Tim Jordan
>
> On Thu, 2004-04-29 at 16:23, Joshua McClintock wrote:
>
> > Even though you changed this in the common-* pam configs,
> > /etc/pam.d/login is probably not 'including' the common configs.
> >
> > If you are trying to login via the console (tty), I believe the getty calls
> > login which uses /etc/pam.d/login.
> >
> > On Thu, 2004-04-29 at 03:54, Tim Jordan wrote:
> > > I'm having a frustrating day trying to get my one box that is running
> > > Openldap to use pam_ldap.so for authentication via slapd.
> > >
> > > Running Debian Testing.
> > >
> > > I have configured openldap properly. I can search and have already
> > > migrated local accounts up to Openldap.
> > >
> > > I can see my directory nicely using GQ.
> > >
> > > I have modified the
> > > /etc/pam.d/common-auth...common-password...common-account..
> > > respectively to reflect:
> > >
> > > auth required pam_ldap.so
> > > account required pam_ldap.so
> > > password required pam_ldap.so
> > >
> > > I have restarted the server then logged in with my user account (tim).
> > >
> > > I then reviewed the /var/log/auth.log and see that authentication is
> > > still using pam_unix.so. It's really confusing to understand this
> > > because I commented out all the pam_unix.so for the pam.d config files
> > > above.
> > >
> > > If anyone can advise me on a good method for troubleshooting pam_ldap
> > > or perhaps enlighten me if Debian does things differently than using
> > > the common-* config files.
> > >
> > > Thank you,
> > > Tim Jordan
> > >

Received on Thu Apr 29 18:01:06 2004
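
Added example, not part of the original thread: one way to check which modules a service's PAM configuration actually declares once its @include lines are expanded, which is the question raised about /etc/pam.d/login above. The function names and the sample file contents are assumptions constructed for illustration; the script reports what the config files declare, not what a running login invoked.

```python
import os
import tempfile

# Constructed sample files modelled on the setup described in the thread (not from a real host).
SAMPLE = {
    "login": "auth requisite pam_securetty.so\nauth required pam_env.so\n"
             "@include common-auth\n@include common-account\n@include common-session\n"
             "session optional pam_lastlog.so\n",
    "common-auth": "#auth required pam_unix.so\nauth required pam_ldap.so\n",
    "common-account": "account required pam_ldap.so\n",
    "common-session": "session required pam_unix.so\n",
}

def effective_stack(service, pam_dir="/etc/pam.d", chain=()):
    """Return (file, type, control, module) rules for a service, @include expanded."""
    if service in chain:                      # include loop: stop descending
        return []
    rules = []
    with open(os.path.join(pam_dir, service)) as fh:
        for raw in fh:
            fields = raw.split("#", 1)[0].split()   # strip comments, tokenize
            if not fields:
                continue
            if fields[0] == "@include" and len(fields) > 1:
                rules += effective_stack(fields[1], pam_dir, chain + (service,))
                continue
            # A bracketed control such as [success=1 default=ignore] spans several tokens.
            end = 1
            if len(fields) > 1 and fields[1].startswith("["):
                while end < len(fields) - 1 and not fields[end].endswith("]"):
                    end += 1
            if len(fields) > end + 1:
                rules.append((service, fields[0], " ".join(fields[1:end + 1]), fields[end + 1]))
    return rules

def modules(service, mtype, pam_dir="/etc/pam.d"):
    """Module names, in evaluation order, for one management group (auth, account, ...)."""
    return [m for _, t, _, m in effective_stack(service, pam_dir) if t.lstrip("-") == mtype]

def write_sample(pam_dir):
    for name, body in SAMPLE.items():
        with open(os.path.join(pam_dir, name), "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        write_sample(d)
        for rule in effective_stack("login", d):
            print("%-15s %-8s %-10s %s" % rule)
```

On a real host, `modules("login", "auth")` reads /etc/pam.d directly; if pam_ldap.so is missing from the result, the service file is not pulling in the edited common-* file.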
