[389-users] With LDAP server stopped, local authentication fails...
Tom Lanyon
tom at netspot.com.au
Sat Feb 6 13:51:17 UTC 2010
On 06/02/2010, at 2:50 AM, Sean Carolan wrote:
>> The problem is probably in pam. Lots of internet docs have incorrect
>> info advice and say.
>> account required pam_nologin.so
>> account sufficient pam_ldap.so
>>
>> When you do that you get the situation you have now. In some phases of
>> login sufficient becomes required.
>>
>> Try this:
>
> Before I go changing system-auth by hand I would like to see if there
> is some way to get it working with the authconfig tool. This makes it
> easier for me to maintain consistency and configure multiple systems.
> Here is what is in my system-auth file now, and this was generated
> with the following command. Is the authconfig tool actually
> generating a "bad" configuration file? If so should this be
> considered a bug?
>
> #%PAM-1.0
> <snip>
Sean,
Your system-auth pam config looks correct to me, and as you said, authconfig shouldn't be generating 'bad' configs unless it contains a bug.
Edward was suggesting a problem with the 'login' pam service, not system-auth, but I don't agree with his solution - I can't see how adding an explicit include of pam_ldap.so here for the account type is going to help, as by default this just defers to system-auth anyway.
Edward, are you able to offer any more insight into how this can help?
Regards,
Tom