Package: kdm
Version: 3.2.2-1

My OpenLDAP server works fine with ssh etc. as well, but KDM seems to have problems.

When kdm is configured to use pam_ldap, it still requires the username to be in /etc/passwd.

Example: Logging in through KDM with username mike

The logs show

Oct 7 12:34:38 server kdm: 10.10.10.102:1[32188]: getpwnam(mike) failed.

Nothing else in the logs indicates a problem. And KDM says "Fatal error has occurred." and tells me to contact my system administrator.

Simply adding

mike:x:<uid>:<gid>:<homedir>:<shell>

to the /etc/passwd file (not to groups/shadow etc) will work fine. KDM authenticates the password against the LDAP server and lets me in.

/etc/pam.d/kdm

#
# /etc/pam.d/kdm - specify the PAM behaviour of kdm
#
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
@include common-auth
@include common-account
@include common-password
@include common-session
auth required pam_nologin.so
auth required pam_env.so
session required pam_limits.so

/etc/pam.d/common-auth

auth sufficient pam_ldap.so debug
auth required pam_unix.so use_first_pass
#auth required pam_unix.so nullok_secure

/etc/pam.d/common-account

account sufficient pam_ldap.so debug
#account required pam_unix.so

/etc/pam.d/common-session

session sufficient pam_ldap.so debug
session required pam_unix.so use_first_pass
#session required pam_unix.so

/etc/pam.d/common-password

password sufficient pam_ldap.so debug
password required pam_unix.so try_first_pass nullok obscure min=8 md5

/etc/nssswitch.conf

passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

Since files is first for passwd, I'm assuming kdm is calling getpwnam and returning failure before checking with the ldap server.

Again, all other ldap functionality works -- even with no username in the /etc/passwd file.

Thanks,
- Mike
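
Added example, not part of the original report: a small Python sketch that expands the @include lines of the /etc/pam.d/kdm file quoted above into the effective module order per facility, and lists the modules that are never run when the `sufficient` pam_ldap.so succeeds (a successful `sufficient` module ends the stack as long as no earlier `required` module has failed). The file contents are re-typed from the report with comment lines dropped; the function names are hypothetical.

```python
# Constructed from the PAM files quoted in the report (comment lines dropped).
PAM_FILES = {
    "kdm": (
        "@include common-auth\n@include common-account\n"
        "@include common-password\n@include common-session\n"
        "auth required pam_nologin.so\nauth required pam_env.so\n"
        "session required pam_limits.so\n"),
    "common-auth": ("auth sufficient pam_ldap.so debug\n"
                    "auth required pam_unix.so use_first_pass\n"),
    "common-account": "account sufficient pam_ldap.so debug\n",
    "common-session": ("session sufficient pam_ldap.so debug\n"
                       "session required pam_unix.so use_first_pass\n"),
    "common-password": ("password sufficient pam_ldap.so debug\n"
                        "password required pam_unix.so try_first_pass nullok obscure min=8 md5\n"),
}


def effective_stack(service, facility, files=PAM_FILES):
    """Expand @include lines; return [(control, module), ...] in evaluation order."""
    stack = []
    for raw in files[service].splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] == "@include":
            stack += effective_stack(fields[1], facility, files)
        elif fields[0] == facility and len(fields) >= 3:
            stack.append((fields[1], fields[2]))
    return stack


def skipped_after_sufficient(stack):
    """Modules never run when the first 'sufficient' module succeeds
    and no earlier 'required' module has failed."""
    for i, (control, _) in enumerate(stack):
        if control == "sufficient":
            return [module for _, module in stack[i + 1:]]
    return []


if __name__ == "__main__":
    for facility in ("auth", "account", "password", "session"):
        stack = effective_stack("kdm", facility)
        print(facility, stack, "skipped on LDAP success:", skipped_after_sufficient(stack))
```

With this ordering, pam_nologin.so, pam_env.so and pam_limits.so sit after the `sufficient` pam_ldap.so line in their stacks, so they are not evaluated for a login that pam_ldap.so accepts.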