difficulty configuring innd with pamckpasswd
Kim Moir
Kim_Moir at oti.com
Tue Nov 26 14:14:59 UTC 2002
Thank you! My /etc/pam.d/nnrpd file now looks like this and it works.
#
# The PAM configuration file for the Shadow `nnrpd' service
#
# Disallows other than root logins when /etc/nologin exists
# (Replaces the `NOLOGINS_FILE' option from login.defs)
auth requisite pam_nologin.so
# Ensure that system users cannot login -- this is probably a bit
# hacky, but it'll do for now.
auth required pam_listfile.so \
onerr=succeed item=user sense=deny file=/etc/news/readers.deny
# Standard Un*x authentication. The "nullok" line allows passwordless
# accounts.
auth sufficient pam_unix.so
auth required pam_ldap.so use_first_pass
Kim
Russ Allbery <rra at stanford.edu>
Sent by: inn-workers-bounce at isc.org
11/25/2002 05:23 PM
To
inn-workers at isc.org
cc
Subject
Re: difficulty configuring innd with pamckpasswd
Kim Moir <Kim_Moir at oti.com> writes:
> Using ssh, I can login to the server with my ldap username and password
> so /etc/nsswitch.conf is configured correctly. However, I cannot login
> via pamckpasswd with innd.
> My /etc/pam.d/nnrpd looks like this
> #
> # The PAM configuration file for the Shadow `nnrpd' service
> #
> # Disallows other than root logins when /etc/nologin exists
> # (Replaces the `NOLOGINS_FILE' option from login.defs)
> auth requisite pam_nologin.so
> # Ensure that system users cannot login -- this is probably a bit
> # hacky, but it'll do for now.
> auth required pam_listfile.so \
> onerr=succeed item=user sense=deny file=/etc/news/readers.deny
> # Standard Un*x authentication. The "nullok" line allows passwordless
> # accounts.
> auth required pam_unix.so
[...]
> I've removed the information from /etc/passwd, group and shadow for the
> user that is trying to post so that user is forced to use the
> information from the ldap server.
Maybe I'm missing something, but I don't see anywhere in the above
configuration where PAM is being pointed at LDAP. It looks like it's
either /etc/passwd authentication or bust with that configuration.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
More information about the inn-workers
mailing list