ldap host attribute restriction

From: synrat (synrat@wirewalk.org)
Date: Mon Mar 01 2004 - 15:41:38 EST


Hello all.

I'm trying to set up access restrictions via the host attribute in LDAP.
I can't figure out whether I need some setting in PAM to enforce the
checking of that attribute (like with the PADL stuff), or if this is
supposed to be checked by default and doesn't work for me for some
reason. The goal is to have multiple host attributes for each user, thus
allowing access via ssh or other services to different machines.
There are a couple of local users per machine.

Relevant info:
pam.conf

login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth sufficient pam_unix_auth.so.1 server_policy debug
login auth required pam_ldap.so.1 debug try_first_pass

I tried this (and variations of ldap and pam_unix) for ssh, and it
failed with the following messages:

sshd auth required pam_ldap.so.1 debug
sshd account required pam_ldap.so.1 debug

I suppose other services will be handled by the "other" part of pam.conf?

Mar 1 15:27:32 frodo sshd[13916]: [ID 285619 auth.debug] ldap
pam_sm_authenticate(sshd synrat), flags = 1
Mar 1 15:27:35 frodo last message repeated 1 time
Mar 1 15:27:35 frodo sshd[13916]: [ID 100510 auth.debug] ldap
pam_sm_acct_mgmt(synrat), flags = 0
Mar 1 15:27:35 frodo sshd[13916]: [ID 800047 auth.info] Accepted password
for synrat from 129.98.4.95 port 39304 ssh2
Mar 1 15:27:35 frodo sshd[13916]: [ID 800047 auth.crit] fatal: PAM
setcred failed[16]: Failure setting user credentials

The bind to LDAP is successful, but what am I missing after that?

Thank you all in advance.

Will summarize.
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
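The post asks whether a per-user `host` attribute is enforced at all. The check the poster refers to as "PADL stuff" is PADL pam_ldap's `pam_check_host_attr` option, which compares the account's `host` values against the local hostname. The script below is an added example, not code from the post, from Solaris or from PADL: it reads a constructed LDIF excerpt and reports which accounts that rule would admit on a given host, so an administrator can confirm the directory data before blaming PAM. The decision rule it applies is an assumption stated in the comments (a value of `*` or a case-insensitive match on the full or short hostname permits; no `host` attribute at all denies), and the function names and sample entries are the example's own.

```python
"""Audit which directory accounts a host-attribute check would admit.

Reads a (constructed) LDIF excerpt, collects each account's `host` values and
applies the rule assumed here for PADL pam_ldap's `pam_check_host_attr`: a
value of "*" or a case-insensitive match on the local hostname (full or short
form) permits login; an account with no host attribute is denied.
Added illustration only; not Solaris, PADL or the poster's code.
"""
from typing import Dict, List

# Constructed sample: three accounts with differing host attributes.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
uid: alice
objectClass: account
host: frodo
host: sam.example.com

dn: uid=bob,ou=People,dc=example,dc=com
uid: bob
objectClass: account
host: *

dn: uid=carol,ou=People,dc=example,dc=com
uid: carol
objectClass: account
"""


def parse_ldif_hosts(ldif_text: str) -> Dict[str, List[str]]:
    """Map uid -> list of `host` values from a minimal LDIF dump.

    Only plain "attr: value" lines and blank-line entry separators are
    understood (no base64 values, no line folding); a real export should
    go through a proper LDIF parser instead.
    """
    users: Dict[str, List[str]] = {}
    uid = None
    hosts: List[str] = []
    for line in ldif_text.splitlines() + [""]:   # trailing "" flushes the last entry
        if not line.strip():
            if uid is not None:
                users[uid] = hosts
            uid, hosts = None, []
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        attr, value = attr.strip().lower(), value.strip()
        if attr == "uid":
            uid = value
        elif attr == "host":
            hosts.append(value)
    return users


def host_allowed(host_values: List[str], local_hostname: str) -> bool:
    """Apply the assumed pam_check_host_attr rule to one account."""
    if not host_values:          # no host attribute at all -> deny
        return False
    full = local_hostname.lower()
    short = full.split(".", 1)[0]
    for value in host_values:
        v = value.lower()
        if v == "*" or v == full or v == short:
            return True
    return False


def allowed_users(ldif_text: str, local_hostname: str) -> List[str]:
    """Accounts in the dump that the rule would admit on `local_hostname`."""
    users = parse_ldif_hosts(ldif_text)
    return sorted(uid for uid, hosts in users.items()
                  if host_allowed(hosts, local_hostname))


if __name__ == "__main__":
    for host in ("frodo", "sam.example.com", "gandalf"):
        admitted = ", ".join(allowed_users(SAMPLE_LDIF, host)) or "(nobody)"
        print(f"{host}: {admitted}")
```

Run it against an `ldapsearch -L` export of your People container with the hostname of the machine in question; an account that appears here but is still refused (or, as in the post, admitted regardless of its `host` values) points at the PAM module rather than at the directory data.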



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:28:09 EDT