nis, ssh and pam authentication on solaris9

From: ipsaccount@bigpond.com
Date: Thu May 15 2003 - 22:01:25 EDT


Hi,
I have a Sun Fire V120 Server running Solaris 9.

I intend to use this machine as a nis server for our network (at least
until I get the nerve to tackle LDAP)

I have made copies of all the nis files (from our old server) into a
separate area /var/etc/yp.
This directory contains the nis passwd file, groups, netgroups,
hosts ... etc, and a security sub directory containing the
passwd.adjunct file.

I modified the /var/yp/Makefile to look in this area, and all maps
appear to be created successfully.

This setup exports nis databases correctly, but I am having
problems with pam on the server itself.

My first problem was that I could not log in via ssh. I managed to
get around this by replacing the following three lines
        other auth requisite pam_authtok_get.so.1
        other auth required pam_dhkeys.so.1
        other auth required pam_unix_auth.so.1
with
        other auth required pam_unix.so.1

My second problem is that users cannot change their passwords.
A user's password can be changed by root, and the
password.adjunct file will be updated correctly, but when a user
issues the passwd -r nis command (or yppasswd) they get
        passwd: Sorry, wrong passwd
        Permission denied
when they enter their current password.

Using truss on passwd for both root and a user shows that the user
never gets past the pam_passwd_auth module, and if I comment
this module out the users can change their passwords, BUT root
cannot change another user's passwd as they are prompted for the
user's current password.

The printout from pam_debug follows:

May 16 11:36:24 ra.syd.ips.gov.au passwd[7791]: [ID 284640 auth.debug] PAM[7791]: pam_start(passwd colin:26ae0) - debug = 1
May 16 11:36:24 ra.syd.ips.gov.au passwd[7791]: [ID 278734 auth.debug] PAM[7791]: pam_set_item(26ae0:service)
May 16 11:36:24 ra.syd.ips.gov.au passwd[7791]: [ID 278734 auth.debug] PAM[7791]: pam_set_item(26ae0:user)
May 16 11:36:24 ra.syd.ips.gov.au passwd[7791]: [ID 278734 auth.debug] PAM[7791]: pam_set_item(26ae0:conv)
May 16 11:36:24 ra.syd.ips.gov.au passwd[7791]: [ID 278734 auth.debug] PAM[7791]: pam_set_item(26ae0:repository)
May 16 11:36:24 ra.syd.ips.gov.au passwd[7791]: [ID 867286 auth.debug] PAM[7791]: pam_authenticate(26ae0, 0)
May 16 11:36:24 ra.syd.ips.gov.au passwd[7791]: [ID 751559 auth.debug] PAM[7791]: load_modules(26ae0, pam_sm_authenticate)=/usr/lib/security/pam_passwd_auth.so.1
May 16 11:36:24 ra.syd.ips.gov.au passwd[7791]: [ID 528798 auth.debug] PAM[7791]: load_function: successful load of pam_sm_authenticate
May 16 11:36:24 ra.syd.ips.gov.au passwd[7791]: [ID 213765 auth.debug] PAM[7791]: pam_get_user(26ae0, 27ce8, NULL)
May 16 11:36:28 ra.syd.ips.gov.au passwd[7791]: [ID 278734 auth.debug] PAM[7791]: pam_set_item(26ae0:authtok)
May 16 11:36:28 ra.syd.ips.gov.au passwd[7791]: [ID 256217 auth.debug] PAM[7791]: pam_authenticate(26ae0, 0): error Authentication failed
May 16 11:36:28 ra.syd.ips.gov.au passwd[7791]: [ID 278734 auth.debug] PAM[7791]: pam_set_item(26ae0:authtok)
May 16 11:36:28 ra.syd.ips.gov.au passwd[7791]: [ID 760621 auth.debug] PAM[7791]: pam_end(26ae0): status = Success

Any help on this matter would be greatly appreciated.

Regards

Colin

_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
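
An added example, not part of the original post: a small Python triage script for a pam_debug trace like the one above. It rejoins records that mail or syslog wrapping has folded and reports each PAM error together with the module most recently loaded on that handle. Treating that module as the place to start looking is a heuristic assumed here, not proof of which module failed; the function names are hypothetical.

```python
import re

# Sample records copied from the post, folded the way mail wraps syslog lines.
SAMPLE = """\
May 16 11:36:24 ra.syd.ips.gov.au passwd[7791]: [ID 284640 auth.debug]
 PAM[7791]: pam_start(passwd colin:26ae0) - debug = 1
May 16 11:36:24 ra.syd.ips.gov.au passwd[7791]: [ID 751559 auth.debug]
PAM[7791]: load_modules(26ae0, pam_sm_authenticate)=/us
r/lib/security/pam_passwd_auth.so.1
May 16 11:36:28 ra.syd.ips.gov.au passwd[7791]: [ID 256217 auth.debug]
PAM[7791]: pam_authenticate(26ae0, 0): error Authentica
tion failed
May 16 11:36:28 ra.syd.ips.gov.au passwd[7791]: [ID 760621 auth.debug]
PAM[7791]: pam_end(26ae0): status = Success
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
START = re.compile(r"pam_start\((\S+) (\S+):(\w+)\)")
LOAD = re.compile(r"load_modules\((\w+), (\w+)\)=(\S+)")
ERROR = re.compile(r"(pam_\w+)\((\w+), \d+\): error (.+)$")

def unfold(text):
    """Rejoin folded records; a syslog timestamp starts a new record."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.rstrip())
        elif line.lstrip().startswith("PAM["):  # message body on its own line
            records[-1] += " " + line.strip()
        else:  # mid-token wrap: join without inserting a space
            records[-1] += line.strip()
    return records

def failures(text):
    """Return one dict per PAM error, with the last module loaded on that handle."""
    session, last_module, out = {}, {}, []
    for rec in unfold(text):
        if m := START.search(rec):
            session[m.group(3)] = (m.group(1), m.group(2))
        elif m := LOAD.search(rec):
            last_module[m.group(1)] = m.group(3)
        elif m := ERROR.search(rec):
            service, user = session.get(m.group(2), (None, None))
            out.append({"service": service, "user": user, "call": m.group(1),
                        "module": last_module.get(m.group(2)), "error": m.group(3)})
    return out

if __name__ == "__main__":
    print(failures(SAMPLE))
```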


