sudo, solaris 10, ldap, tls:simple

From: Tom Lieuallen (toml@engr.orst.edu)
Date: Thu Aug 04 2005 - 16:28:24 EDT


We have an LDAP environment using DS 5.2 and are migrating clients from
solaris 8 to solaris 10. We're having a problem authenticating with
sudo on the solaris 10 boxes. sudo is compiled to use pam. If I change
the authentication on the machine to 'simple', sudo works. If I change
to 'tls:simple' (our preferred method), sudo does not work.

I believe that some of the pam stuff changed with solaris 10. I'm not
sure if sudo needs some changes to work with it or not. Or, whether
there's something slightly wrong with our ldap config that only sudo is
catching.

sudo's error message is: pam_authenticate: No account present for user

I do find it curious that when I run sudo in solaris 10, the following
is issued to the ldap server:

SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl
supportedSASLMechanisms"

I don't see that when a solaris 8 machine runs sudo.

My relevant entries in pam.conf for solaris 10 are:
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth binding pam_unix_auth.so.1 server_policy
other auth required pam_ldap.so.1

Any ideas? I'm stuck. Even knowing if other people have it working
would be a big start. I have tried adding debug options to the pam
lines, but it just isn't helpful. I think the issue is more tls than
pam. /var/ldap/{key3,cert7}.db are world readable.

thank you

-- 
Tom Lieuallen
Oregon State University
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
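As an added diagnostic helper (not part of Tom's post, and not a Sun or sudo tool), the script below resolves the effective PAM "auth" stack for a service from a Solaris-style pam.conf (service-specific lines, else the "other" fallback), reports whether a given module such as pam_ldap.so.1 is in that stack, and checks that the NSS certificate databases named in the post (/var/ldap/key3.db, /var/ldap/cert7.db) are readable by the calling user. The pam.conf it writes is a constructed sample modelled on the stack quoted above; the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes the Solaris pam.conf
# layout "service type control module [options]" and that a service with no
# lines of its own falls back to the "other" entries.

# Write a constructed pam.conf (the poster's "other auth" stack plus one
# service-specific line for contrast) to the path given as $1.
write_sample_pam_conf() {
    cat > "$1" <<'EOF'
# constructed sample, modelled on the stack quoted in the post
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth binding pam_unix_auth.so.1 server_policy
other auth required pam_ldap.so.1
passwd auth required pam_passwd_auth.so.1
other account requisite pam_roles.so.1
EOF
}

# Print the effective auth stack for service $2 from pam.conf $1.
# Comment and blank lines are skipped; if the service has auth lines of its
# own they win, otherwise the "other" auth lines are printed.
pam_auth_stack() {
    conf=$1; svc=$2
    awk -v svc="$svc" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $2 == "auth" && $1 == svc     { have_svc = 1; svc_lines[++n] = $0 }
        $2 == "auth" && $1 == "other" { other_lines[++m] = $0 }
        END {
            if (have_svc) { for (i = 1; i <= n; i++) print svc_lines[i] }
            else          { for (i = 1; i <= m; i++) print other_lines[i] }
        }' "$conf"
}

# Exit 0 if module $3 (4th field, e.g. pam_ldap.so.1) appears in the
# effective auth stack of service $2 in pam.conf $1, else exit 1.
pam_stack_has_module() {
    pam_auth_stack "$1" "$2" | awk -v mod="$3" '$4 == mod { found = 1 } END { exit !found }'
}

# Exit 0 only if every path given is readable by the current user; this is
# the check the post describes for /var/ldap/key3.db and /var/ldap/cert7.db.
ldap_certdb_readable() {
    for f in "$@"; do
        [ -r "$f" ] || return 1
    done
    return 0
}

# Usage on a live system:
#   . ./pamcheck.sh
#   pam_auth_stack /etc/pam.conf sudo
#   pam_stack_has_module /etc/pam.conf sudo pam_ldap.so.1 && echo "pam_ldap in stack"
#   ldap_certdb_readable /var/ldap/key3.db /var/ldap/cert7.db || echo "cert DBs not readable"
```

Run the readability check as the unprivileged user who invokes sudo, since that is the identity under which pam_ldap opens the certificate databases before the TLS bind; a root-only check says nothing about that case.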


This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:31:15 EDT