SIA, boot, siacfg

From: Rich Fox (rfox@mbl.edu)
Date: Tue May 25 2004 - 14:14:39 EDT


Hi,

I have searched the archives for an answer to these questions, but the
closest I found was from 1994 and was referencing a mechanism that doesn't
appear to be present on contemporary Tru64 systems. Also, forgive me if
this is elementary, I am a Tru64 newbie, and this is my first post...

I have a DS20 running Tru64 5.1a...
# uname -a
OSF1 astro.mbl.edu V5.1 1885 alpha

On this system, another sysadmin managed to set up the /etc/sia/matrix.conf
file so that it would authenticate root from the local BSD files and
authenticate all other users via an LDAP server we have set up based on
OpenLDAP.
Every time the system boots (and apparently, otherwise periodically), the
/etc/sia/matrix.conf file that he managed to hack together gets
overwritten by a BSD only conf file. Our silly workaround is to go in as
root and copy a backup of the good matrix.conf (that he hacked
together) over the updated one so that our authentication works again.
I have been trying to use siacfg to configure this file the 'correct' way,
but have run into a number of problems and weirdness, thus, this message.
My questions are:

I want to try to place the LDAP settings after the BSD settings in the
default matrix.conf (with default BSD settings). If I follow the
instructions in man siacfg, it says that I should use the -A with the -a
and positioning with -R BSD in order to specify that the LDAP should be
checked following the BSD files so that it looks something like this:

[snip]
siad_chg_password=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)
siad_chg_shell=(BSD,libc.so)
siad_chk_user=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)
siad_ses_init=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)
[snip]

So, I constructed the command:

siacfg -a -A -R BSD -F matrix-rich.conf LDAP /usr/shlib/libsialdap.so
(Note: I know that there are no group specifications in this command)

and I end up with:
...
siad_chg_password=(LDAP,/usr/shlib/libsialdap.so) (BSD,libc.so)
siad_chg_shell=(LDAP,/usr/shlib/libsialdap.so) (BSD,libc.so)
siad_chk_user=(LDAP,/usr/shlib/libsialdap.so) (BSD,libc.so)
siad_ses_init=(LDAP,/usr/shlib/libsialdap.so) (BSD,libc.so)
...

Furthermore, the command tells me lots of:
...
Warning: mechanism 'BSD' not found for 'siad_getpwnam'.
Warning: mechanism 'BSD' not found for 'siad_getpwuid'.
Warning: mechanism 'BSD' not found for 'siad_init'.
Warning: mechanism 'BSD' not found for 'siad_ses_init'.
...

I get the exact same result if I do this without the -A -R song and dance.
What am I missing here?

In addition, the man 8 siacfg specifies the following command line
options:

  /usr/sbin/siacfg [-[arul]] [-g group_codes] [-[PA]] [-R other_mech] [-D]
  [-F matrix_file] name path

but -D is not documented in the man pages.

I appreciate any advice, and especially any pointers to
relevant documentation. Most of the docs I have found online talk
extensively about setting up enhanced security, but I'm not sure how
relevant that is.

Thanks much,
Rich.

Rich Fox
Systems Administrator
JBPC - Marine Biological Laboratory
http://www.mbl.edu/
7 MBL Street - Woods Hole, MA 02543
508-289-7292 (Phone/voicemail)
rfox@mbl.edu
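
The check below is an added example, not part of the original post and not a Tru64 tool: it reads siad_* lines in the form quoted in the message and reports whether LDAP ever precedes BSD, or is missing entirely as in the BSD-only file that reappears after boot. The function names, exit codes and sample files are assumptions made for illustration.

```shell
# Added example: audit mechanism order in matrix.conf-style siad_* lines.
# sia_mech_order FILE: print "entry: MECH1 MECH2 ..." for each siad_* line.
sia_mech_order() {
    awk '/^siad_/ {
        eq = index($0, "=")
        entry = substr($0, 1, eq - 1); rest = substr($0, eq + 1); order = ""
        # Each mechanism is written (NAME,library); collect NAME in sequence.
        while (match(rest, /\([^,()]+,/)) {
            order = order " " substr(rest, RSTART + 1, RLENGTH - 2)
            rest = substr(rest, RSTART + RLENGTH)
        }
        print entry ":" order
    }' "$1"
}

# sia_audit FILE FIRST SECOND (exit codes are this example's own convention)
#   0: SECOND is configured and never listed ahead of FIRST
#   1: some entry lists SECOND ahead of FIRST (offending entries are printed)
#   2: SECOND appears in no entry, e.g. the file was replaced by a FIRST-only one
sia_audit() {
    sia_mech_order "$1" | awk -v first="$2" -v second="$3" '
    {
        fpos = 0; spos = 0
        for (i = 2; i <= NF; i++) {
            if ($i == first && !fpos) fpos = i
            if ($i == second && !spos) spos = i
        }
        if (spos) seen = 1
        if (spos && fpos && spos < fpos) { print "wrong order: " $0; bad = 1 }
    }
    END { if (bad) exit 1; if (!seen) exit 2; exit 0 }'
}

# Constructed samples: the wanted order, the order siacfg produced in the
# post, and a BSD-only file like the one that comes back after boot.
d=${TMPDIR:-/tmp}/sia_demo.$$; mkdir -p "$d"; trap 'rm -rf "$d"' EXIT
printf '%s\n' 'siad_chg_password=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)' \
    'siad_chg_shell=(BSD,libc.so)' \
    'siad_chk_user=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)' > "$d/wanted.conf"
printf '%s\n' 'siad_chg_password=(LDAP,/usr/shlib/libsialdap.so) (BSD,libc.so)' \
    'siad_chg_shell=(LDAP,/usr/shlib/libsialdap.so) (BSD,libc.so)' > "$d/got.conf"
printf '%s\n' 'siad_chg_password=(BSD,libc.so)' > "$d/reverted.conf"

for f in wanted got reverted; do
    rc=0; sia_audit "$d/$f.conf" BSD LDAP || rc=$?
    echo "$f.conf: status $rc"
done
```

Run from cron or a boot script against the live file, a non-zero status flags that the authentication order has changed before users notice failed logins.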


