pam.conf on Solaris 2.6?

From: Vsevolod (Simon) Ilyushchenko (simonf@cshl.edu)
Date: Wed Nov 30 2005 - 20:13:24 EST


Hi,

Has anyone been able to make OpenLDAP work via pam.conf in Solaris 2.6?
(Don't ask. :) The 'id' and 'su' commands don't even use LDAP, and when
I enable UsePam in openssh, the LDAP calls are made, but the user is not
recognized. When I look at the traffic, I see this:

   0.003082 client -> server LDAP MsgId=2 Search Request, Base DN=dc=cshl,dc=edu

... The correct uid is requested.

   0.003882 server -> client LDAP MsgId=2 Search Entry, 1 result

... Correct user entry is returned, but the next client request is very
puzzling:

   0.005893 client -> server LDAP MsgId=3 Bind Request, DN=uid=ilyush,ou=People,dc=cshl,dc=edu

0000 00 11 25 29 98 74 00 30 7b 94 f2 94 08 00 45 00 ..%).t.0{.....E.
0010 00 85 e1 2c 40 00 fe 06 4a 84 8f 30 07 df 8f 30 ...,@...J..0...0
0020 2a 82 fa 6a 01 85 6c c4 0b 8c eb 0c 9d d6 50 18 *..j..l.......P.
0030 22 38 d4 76 00 00 30 5b 02 01 03 60 37 02 01 03 "8.v..0[...`7...
0040 04 23 75 69 64 3d 69 6c 79 75 73 68 2c 6f 75 3d .#uid=ilyush,ou=
0050 50 65 6f 70 6c 65 2c 64 63 3d 63 73 68 6c 2c 64 People,dc=cshl,d
0060 63 3d 65 64 75 80 0d 08 0a 0d 7f 49 4e 43 4f 52 c=edu......INCOR
0070 52 45 43 54 a0 1d 30 1b 04 19 31 2e 33 2e 36 2e RECT..0...1.3.6.
0080 31 2e 34 2e 31 2e 34 32 2e 32 2e 32 37 2e 38 2e 1.4.1.42.2.27.8.
0090 35 2e 31 5.1

Obviously, this attempt to log in does not work:

   0.006885 server -> client LDAP MsgId=3 Bind Result, Invalid credentials

0000 00 00 0c 07 ac 2a 00 11 25 29 98 74 08 00 45 00 .....*..%).t..E.
0010 00 36 21 22 40 00 40 06 c8 de 8f 30 2a 82 8f 30 .6!"@.@....0*..0
0020 07 df 01 85 fa 6a eb 0c 9d d6 6c c4 0b e9 50 18 .....j....l...P.
0030 16 d0 50 ea 00 00 30 0c 02 01 03 61 07 0a 01 31 ..P...0....a...1
0040 04 00 04 00 ....

I've taken the pam.conf file that works fine for me on Solaris 8 and
removed all the non-existent libraries. Here it is:

***
login auth sufficient pam_unix.so.1
login auth required pam_ldap.so.1

rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth required pam_unix.so.1

dtlogin auth required pam_unix.so.1

rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix.so.1

other auth sufficient pam_unix.so.1
other auth sufficient pam_ldap.so

login account sufficient pam_unix.so.1
login account required pam_ldap.so

other account sufficient pam_unix.so.1
other account required pam_ldap.so

other session required pam_unix.so.1

dtsession auth required pam_unix.so.1

passwd auth required pam_passwd_auth.so.1
ppp auth required pam_unix.so.1
ppp auth required pam_dial_auth.so.1
cron account required pam_unix.so.1
***

Thanks,
Simon

-- 
Simon (Vsevolod ILyushchenko)   simonf@cshl.edu
                 http://www.simonf.com
"Think like a man of action, act like a man of thought."
                  Henri Bergson
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
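
Added example, not part of the original post: a small Python BER decoder run over the two LDAP payloads from the hex dumps above (the bytes after the 0x36 bytes of Ethernet/IP/TCP headers, re-typed here as constructed input). It shows that the Bind Request is a simple bind whose password field is the literal bytes `\b\n\r\x7fINCORRECT`, the fixed placeholder OpenSSH's PAM code passes as the password when sshd has already judged the account invalid, and that the server answers with result code 49 (invalidCredentials).

```python
# Constructed input: LDAP payloads re-typed from the post's hex dumps
# (everything after the 0x36 bytes of Ethernet/IP/TCP headers).
BIND_REQUEST = (
    bytes.fromhex("305b020103" "6037" "020103" "0423")
    + b"uid=ilyush,ou=People,dc=cshl,dc=edu"
    + bytes.fromhex("800d" "080a0d7f") + b"INCORRECT"
    + bytes.fromhex("a01d301b0419") + b"1.3.6.1.4.1.42.2.27.8.5.1"
)
BIND_RESPONSE = bytes.fromhex("300c02010361070a013104000400")

def read_tlv(buf, pos=0):
    """Decode one BER element; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_ldap(payload):
    """Summarise a BindRequest (tag 0x60) or BindResponse (tag 0x61)."""
    tag, body, _ = read_tlv(payload)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    (_, msg_id), (op_tag, op), *rest = children(body)
    info = {"msg_id": int.from_bytes(msg_id, "big")}
    if op_tag == 0x60:
        (_, ver), (_, dn), (auth_tag, cred) = children(op)[:3]
        info.update(version=ver[0], dn=dn.decode(),
                    simple_auth=(auth_tag == 0x80), password=cred)
        # Optional [0] Controls after the operation: keep each control's OID
        info["controls"] = [children(c)[0][1].decode()
                            for t, v in rest if t == 0xA0 for _, c in children(v)]
    elif op_tag == 0x61:
        info["result_code"] = children(op)[0][1][0]  # 49 = invalidCredentials
    else:
        raise ValueError("unsupported protocolOp 0x%02x" % op_tag)
    return info
```

Calling `parse_ldap(BIND_REQUEST)` and `parse_ldap(BIND_RESPONSE)` returns the decoded fields as dictionaries.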