Re: [pamldap] pam_ldap.so and Debian...making it work!

Thu, 29 Apr 2004 19:02:31 -0700

I noticed that the common-session is included under the login config.  Although; I can't think of what session would have to do with user authentication.

Also, since there is "auth" lines in the login config perhaps I should include the pam_ldap.so at the top of the login config? 

**I included comments showing how the respective config file is set.**

Debian Testing /etc/pam.d/login:
auth        requisite        pam_securetty.so     #Disallows root logins except on tty's..
auth        requisite        pam_nologin.so     #Disallows other than root logins when /etc/nologin exist
auth        required        pam_env.so          #Parses /etc/environment

@include    common-auth                   #auth    required    pam_login.so
@include    common-account             #account     required    pam_login.so
@include    common-session             #session    required    pam_unix.so

session        optional    pam_lastlog.so # prints last login info upon succesful login
session        optional    pam_motd.so  # prints the motd upon succesful loing
session        optional    pam_mail.so    standard    noenv # prints status of users mbx upon login


Is there a "test" that would ensure that pam_ldap.so is being called?  Just looking at the auth.log is not providing much except pam_unix.so entries.

Thanks,
Tim Jordan

On Thu, 2004-04-29 at 16:23, Joshua McClintock wrote: 
Even though you changed this in the common-* pam configs,
/etc/pam.d/login is probally not 'including' the common configs.

If you trying to login via the console (tty), I believe the getty calls
login which uses /etc/pam.d/login.

On Thu, 2004-04-29 at 03:54, Tim Jordan wrote:
> I'm having a frustrating day trying to get my one box that is running
> Openldap to use pam_ldap.so for authentication via slapd.
> 
> Running Debian Testing.
> 
> I have configure openldap properly.  I can search and have already
> migrated local accounts up to Openldap.
> 
> I can see my directory nicely using GQ.
> 
> I have modified the
> /etc/pam.d/common-auth...common-password...common-account..
> respectivly to reflect:
> 
> auth          required     pam_ldap.so
> account     required    pam_ldap.so
> password   required     pam_ldap.so
> 
> I have restarted the server then logged in with my user account (tim).
> 
> I then reviewed the /var/log/auth.log and see that authentication is
> still using pam_unix.so.  It's really confusing to understand this
> becasue I commneted out all the pam_unix.so for the pam.d config files
> above.
> 
> If anyone can advise me on a good method for troubleshooting pam_ldap
> or perhaps enlighten me if debain does things differently the using
> the common-* config files.
> 
> Thank you,
> Tim Jordan
>

Reply via email to