Overovani vuci LDAP

Středa Březen 12 13:41:40 CET 2003

On Po, 2003-03-10 at 15:30, Michal Kaspar wrote:
> On Mon, Mar 10, 2003 at 03:09:42PM +0100, Pavel Lisy wrote:
> > On Po, 2003-03-10 at 11:38, Michal Kaspar wrote:
> > > On Mon, Mar 10, 2003 at 11:05:33AM +0100, Pavel Lisy wrote:
> > > > ----
> > > > #%PAM-1.0
> > > > # This file is auto-generated.
> > > > # User changes will be destroyed the next time authconfig is run.
> > > > auth        required      /lib/security/$ISA/pam_env.so
> > > > auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
> > > > auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
> > > > auth        required      /lib/security/$ISA/pam_deny.so
> > > > 
> > > > account     required      /lib/security/$ISA/pam_unix.so \
> > > > account     [default=bad success=ok user_unknown=ignore
> > > > service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
> > > > 
> > > > password    required      /lib/security/$ISA/pam_cracklib.so retry=3 \
> > > > type=
> > > > password    sufficient    /lib/security/$ISA/pam_unix.so nullok \
> > > > use_authtok md5 shadow
> > > > password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
> > > > password    required      /lib/security/$ISA/pam_deny.so
> > > > 
> > > > session     required      /lib/security/$ISA/pam_limits.so
> > > > session     required      /lib/security/$ISA/pam_unix.so
> > > > session     optional      /lib/security/$ISA/pam_ldap.so
> > > > ----
> > > > 
> > > > 
> > > > [root na localhost]# cat su
> > > > ----
> > > > #%PAM-1.0
> > > > auth       sufficient   /lib/security/$ISA/pam_rootok.so
> > > > # Uncomment the following line to implicitly trust users in the "wheel"
> > > > # group.
> > > > #auth       sufficient   /lib/security/$ISA/pam_wheel.so trust use_uid
> > > > # Uncomment the following line to require a user to be in the "wheel" 
> > > > # group.
> > > > #auth       required     /lib/security/$ISA/pam_wheel.so use_uid
> > > > auth       required	/lib/security/$ISA/pam_stack.so \
> > > > service=system-auth
> > > > account    required	/lib/security/$ISA/pam_stack.so \
> > > > service=system-auth
> > > > password   required	/lib/security/$ISA/pam_stack.so \
> > > > service=system-auth
> > > > session    required	/lib/security/$ISA/pam_stack.so \
> > > > service=system-auth
> > > > session    optional	/lib/security/$ISA/pam_xauth.so
> > > > ----
> > > > 
> > > > Coz mi jako laikovi pripada, ze je to v poradku.
> > > 
> > > 
> > > Co se stane, když do pam.d/su pridate
> > > > auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
> > Bohuzel se tim nic nezmenilo
> 
> Ted jsem si vsiml, ze v tom prvnim je radku s pam_ldap vice, zkuste je
> do toho su dat vsechny.
Bohuzel to nefunguje ani kdyz tam obsah su nahradim obsahem system-auth.

Zkousim to na RH beta - phoebe, nemuze to byt chyba nekde u nich?

Existuje nekde strucny / pochopitelny popis jak by to melo fungovat?

Pavel
-- 
Pavel Lisy <pali na tmapy.cz>
T-MAPY spol. s r.o.