From: Andrew Laden (Andrew.Laden@tudor.com)
Date: Wed Aug 29 2007 - 11:36:40 EDT
Heya all Gurus.
I am trying to get my solaris 10 server to use our LDAP server for
authentication. It is not the SUN/Java/iPlanet LDAP server. I am using
Novell's eDirectory for reasons too long to go into here.
Our Linux machines authenticate correctly against the LDAP server, so I
know it is working in general.
I have done the basic LDAP configuration, ldaplist works correctly. I
can ldapsearch, etc, all as expected.
I did the crle fixes that are often recommended to add the mps
libraries. But something still isn't letting me log in.
My pam.conf file: (selected relevant portions, I think)
------------------
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth binding pam_unix_auth.so.1 server_policy
login auth required pam_ldap.so.1 debug
login auth required pam_dial_auth.so.1
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth binding pam_unix_auth.so.1 server_policy
other auth required pam_ldap.so.1
-------------------------
I think that the ldap part is working, even, as when I run with the
debug turned on, I see a log message. If I type a wrong password, I get
a bind failed. If I type the right password, I get no message, which
seems to me to indicate that the bind is working.
Is there something in the ldap entry that needs to be there for solaris
10 that doesn't need to be there for linux? Or some other reason why it
won't let me in?
Also, I was reading somewhere that even if you get ldap authentication
working, you will not be able to get passwordless login (i.e., via ssh key
authentication, or even .rhosts/.shosts files) because the new pam
modules need to look up something in ldap anyway, and you need the
password to bind to that. Is that still true? If so, can we just use the
older pam_unix modules?
Thanks
-Andrew
sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers
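The following is an added example, not code from the original post or from Sun: a small evaluator of the Solaris 10 pam.conf control flags (requisite, required, binding, sufficient, optional, as documented in pam.conf(4)), applied to the "login auth" stack quoted above. The per-module outcomes it is run with are assumed scenarios, chosen to show which modules get consulted and why a single "required" failure still fails the stack after every module has run.

```python
# Added example (not code from the original post): a small evaluator for the
# Solaris 10 pam.conf control flags, applied to the "login auth" stack Andrew
# posted. It shows which modules are consulted and what the final result is
# under a few assumed per-module outcomes. Flag semantics follow pam.conf(4).

# Constructed input: the login auth lines from the post, verbatim.
PAM_CONF = """
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth binding pam_unix_auth.so.1 server_policy
login auth required pam_ldap.so.1 debug
login auth required pam_dial_auth.so.1
"""


def parse_stack(text, service, mtype):
    """Return [(control_flag, module, options)] for one service and module type."""
    stack = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4 or fields[0] != service or fields[1] != mtype:
            continue
        stack.append((fields[2], fields[3], fields[4:]))
    return stack


def evaluate(stack, outcomes):
    """Walk the stack with the given per-module outcomes.

    outcomes maps module name -> "success" | "failure" | "ignore"; modules not
    listed are assumed to succeed.  Returns (final_result, modules_consulted).
    """
    consulted, required_failed = [], False
    for flag, module, _options in stack:
        result = outcomes.get(module, "success")
        consulted.append(module)
        if result == "ignore":        # PAM_IGNORE: treated as not in the stack
            continue
        ok = result == "success"
        if flag == "requisite" and not ok:
            return "failure", consulted          # stop immediately
        if flag in ("required", "binding") and not ok:
            required_failed = True               # remembered, keep walking
        if flag in ("binding", "sufficient") and ok and not required_failed:
            return "success", consulted          # later modules are skipped
        # "optional": a failure is simply ignored here
    return ("failure" if required_failed else "success"), consulted
```

Three scenarios are worth running: a local user (every module succeeds, so pam_unix_auth's binding success ends the stack before pam_ldap is consulted at all), an LDAP-only user where pam_unix_auth returns PAM_IGNORE (what the server_policy option is meant to allow, leaving the decision to pam_ldap), and a failed LDAP bind, where pam_ldap fails as "required", the remaining modules still run, and the stack fails only at the end.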