difficulty configuring innd with pamckpasswd

Kim Moir Kim_Moir at oti.com
Mon Nov 25 21:41:12 UTC 2002 

Hi

I'm having difficulty configuring innd to authenticate to an ldap server 
using pamckpasswd.  My server is running Redhat 7.1 and innd 2.3.1-2

If I use ckpasswd -s in /etc/news/readers.conf, I can authenticate using 
my shadow files.

Using ssh, I can login to the server with my ldap username and password so 
/etc/nsswitch.conf is configured correctly.  However, I cannot login via 
pamckpasswd with innd.

I've compiled and installed pamckpasswd in 
/usr/bin/auth/passwd/pamckpasswd
chown 4554 pamckpasswd
chmod root.news pamckpasswd

My /etc/pam.d/nnrpd looks like this 
#
# The PAM configuration file for the Shadow `nnrpd' service
#

# Disallows other than root logins when /etc/nologin exists
# (Replaces the `NOLOGINS_FILE' option from login.defs)
auth            requisite       pam_nologin.so

# Ensure that system users cannot login -- this is probably a bit
# hacky, but it'll do for now.
auth            required        pam_listfile.so \
        onerr=succeed item=user sense=deny file=/etc/news/readers.deny

# Standard Un*x authentication. The "nullok" line allows passwordless
# accounts.
auth            required        pam_unix.so


My /etc/news/readers.conf looks like this

auth "localhost" {
        hosts: "localhost, 127.0.0.1, stdin, *.mydomain.com"
        auth: "pamckpasswd"
}

access "fail" {
        newsgroups: !*
}

access "full" {
        users: *
        newsgroups: *
}


The following error messages appear in /var/log/news/news.err

Nov 25 16:06:05 server2 nnrpd[12968]: server1.mydomain.com connect
Nov 25 16:06:11 server2 nnrpd[12968]: server1.mydomain.com auth_err 
Failed: Authentication service cannot retrieve
authentication info..

The same message appears if run pamckpasswd from the password from the 
command line as user news with the appropriate parameters.

I've removed the information from /etc/passwd, group and shadow for the 
user that is trying to post so that user is forced to use the information 
from the ldap server.

Any assistance would be greatly appreciated.  Thanks in advance!

Kim

More information about the inn-workers mailing list