[389-users] Documentation for pam pass

Prashanth Sundaram psundaram at wgen.net
Fri Mar 26 14:24:07 UTC 2010


Hi,

Here's what my PAM PTA looks like. But I don't think it is of much use.

dn: cn=PAM Pass Through Auth,cn=plugins,cn=config
nsslapd-pluginEnabled: on
pamSecure: FALSE
pamExcludeSuffix: o=NetscapeRoot
pamExcludeSuffix: cn=config

I don't think the PTA will work against some other attribute which has the same
value as 'uid'. You may have to hack the filters under the hood to be able
to achieve that.

My first guess:
If you use PAM-PTA, you still need some PAM module to specify the stack to
be used for PTA. So you need the 'ldapserver01' file enabled and there you
define the translation of the uid attribute to the new attribute. I don't know if
this is doable.

Can you post some logs, which will tell where the block is? How are you
specifying the master LDAP server (server to authenticate)?

-Prashanth

----------------------------
Hey thanks man.

I have PAM PTA with krb working fine as well.
However, I am trying to pass through to another LDAP server; how can I
go about doing that? The base of the tree on the other LDAP server is
different; I want to use it to authenticate the accounts. The other
tree has the equivalent of the uid attribute in a different attribute.
I think my service file (ldapserver) is off. Does anyone have PAM PTA to
another LDAP server working? An example, perhaps?
I am getting operations errors trying to use PAM PTA. I know the
passwords are correct, so I am doing something incorrectly.

pam_passthru-plugin - => pam_passthru_bindpreop
pam_passthru-plugin - pam msg [0] = 1 Password:
pam_passthru-plugin - Error from PAM during pam_authenticate (6: Permission denied)
pam_passthru-plugin - Unknown PAM error [Permission denied] for user id [test_user], bind DN [uid=test_user,dc=example,dc=com]
pam_passthru-plugin - <= handled (error 1 - Operations error)

Thanks again
