the main reasons ... all account below 500 are system account in
In ubuntu and Debian all user account below >1000 are system account.
2011/11/25 Tom Tucker <tktucker(a)gmail.com>
Thanks for the feedback.
If I comment out "auth requisite pam_succeed_if.so uid >= 500 quiet"
in the system-auth file I was able to login with a UID of 108. Assuming
this restrictions is controlled on the Linux system, why do I experience no
problems when authenticating against the Sun One DS? I agree, the proper
fix would be to change users UID higher than 500.
On Fri, Nov 25, 2011 at 8:08 AM, Gary Algier <gaa(a)ulticom.com> wrote:
> On 11/24/11 23:25, Tom Tucker wrote:
> > My environment has a mixture of Solaris 8-10 and RHEL 4-5. These clients
> > are currently authenticating against a Sun One 5.X DS.
> > I have migrated the Sun One DB to my lab 389 DS. Users with a three
> > digit uidNumber are unable to login to Linux systems, however if they
> > connect to a Solaris system it works fine. If I add a fourth digit to
> > their uidNumber they are able access Linux systems just fine. Did I
> > miss a setting somewhere?
> > Thanks,
> > Tom
> > --
> > 389 users mailing list
> > 389-users(a)lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> The problem is more likely to be a limitation imposed by the PAM
> configuration on the Linux systems. Go look at /etc/pam.d/* and look
> for lines like:
> account sufficient pam_succeed_if.so uid < 500 quiet
> A grep for 500 should find lots of examples. The most likely conflict
> is in /etc/pam.d/system-auth. Comment the line and try again.
> Once upon a time UID numbers up through 99 were reserved for the OS, but
> somewhere along the line we ran out of numbers for such things as
> Apache, ssh, etc. which each needed their own number. Someone then
> decided that disallowing logins on these numbers was a good thing.
> Unfortunately, a lot of places have extant UIDs < 500 (mine is 402).
> You have two choices:
> 1. Change the UIDs of the logins of these users and all their
> files on all the systems they use.
> 2. Leave them alone and "fix" every Linux system.
> The problem with the second choice is that you could have people with
> the same UID as system processes. When they do an "ls -l" they may see
> that their files belong to "smolt" or "nagios" or similar. Also,
> would be able to edit files that perhaps should be off limits to them.
> Gary Algier, WB2FWZ gaa at ulticom.com
+1 856 787 2758
> Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054 Fax:+1 856 866 2033
> Nielsen's First Law of Computer Manuals:
> People don't read documentation voluntarily.
> 389 users mailing list
389 users mailing list
[India] Pvt.Ltd (CMMI Level 3) | 582 MG Road Indore - 452003
MP [India] | Work +91-731-398-3486 Ext- 486 | Fax +91-731-2436615 | Mobile
+91-9826651100 *| *www.webdunia.net