[lug] pam_ldap and passwd
dan radom
dan at radom.org
Fri Apr 25 09:27:37 MDT 2003
I'm in the process of converting 6K users from NIS to LDAP, and I'm
struggling with pam_ldap and passwd.
/etc/pam.d/passwd
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
/etc/pam.d/system-auth
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so
With the above pam configuration passwd prompts me for my current LDAP
password, which it then tells me is invalid. If I remove the system-auth
"password required /lib/security/pam_deny.so" line it fails on my
current LDAP password 3 times, and then allows me to supply a new
password which does get updated to LDAP.
Has anyone seen anything like this before? Any suggestions?
thanks.
dan
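
Added example, not part of the original post and not the poster's code: a small Python model of how Linux-PAM's documented control keywords combine over the "password" lines of the system-auth quoted above. It shows that pam_deny is reached only when both sufficient modules fail, and that without it the stack reports success on pam_cracklib alone. The function names and the per-module outcomes passed in are assumptions for illustration, and only a single pass of the stack is modelled.

```python
import os

# Added example: "password" lines copied from the system-auth in the post.
SYSTEM_AUTH_PASSWORD = """\
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so
"""

# Control keyword -> (action on module success, action on module failure)
CONTROLS = {
    "required":   ("ok", "bad"),
    "requisite":  ("ok", "die"),
    "sufficient": ("done", "ignore"),
    "optional":   ("ok", "ignore"),
}

def parse_stack(text, mtype="password"):
    """Return [(control, module_name)] for config lines of the given type."""
    stack = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == mtype and fields[1] in CONTROLS:
            name = os.path.splitext(os.path.basename(fields[2]))[0]
            stack.append((fields[1], name))
    return stack

def without(stack, module):
    """Copy of the stack with one module's line removed."""
    return [entry for entry in stack if entry[1] != module]

def evaluate(stack, outcomes):
    """outcomes maps module name -> True/False (assumed, supplied by caller).
    Returns (stack_succeeded, modules_called_in_order)."""
    impression = None            # None = undecided, True/False = decided so far
    called = []
    for control, module in stack:
        called.append(module)
        action = CONTROLS[control][0 if outcomes[module] else 1]
        if action in ("ok", "done"):
            if impression is None:
                impression = True
            if action == "done" and impression:
                break            # sufficient success ends the stack early
        elif action in ("bad", "die"):
            impression = False   # failure is remembered for the final result
            if action == "die":
                break
    return impression is True, called
```
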