difficulty configuring innd with pamckpasswd

Kim Moir Kim_Moir at oti.com
Tue Nov 26 14:14:59 UTC 2002 

Thank you!  My /etc/pam.d/nnrpd file now looks like this and it works.

#
# The PAM configuration file for the Shadow `nnrpd' service
#

# Disallows other than root logins when /etc/nologin exists
# (Replaces the `NOLOGINS_FILE' option from login.defs)
auth            requisite       pam_nologin.so

# Ensure that system users cannot login -- this is probably a bit
# hacky, but it'll do for now.
auth            required        pam_listfile.so \
        onerr=succeed item=user sense=deny file=/etc/news/readers.deny

# Standard Un*x authentication. The "nullok" line allows passwordless
# accounts.
auth    sufficient              pam_unix.so
auth    required                pam_ldap.so use_first_pass


Kim




Russ Allbery <rra at stanford.edu> 
Sent by: inn-workers-bounce at isc.org
11/25/2002 05:23 PM

To
inn-workers at isc.org
cc

Subject
Re: difficulty configuring  innd with pamckpasswd







Kim Moir <Kim_Moir at oti.com> writes:

> Using ssh, I can login to the server with my ldap username and password
> so /etc/nsswitch.conf is configured correctly.  However, I cannot login
> via pamckpasswd with innd.

> My /etc/pam.d/nnrpd looks like this 
> #
> # The PAM configuration file for the Shadow `nnrpd' service
> #

> # Disallows other than root logins when /etc/nologin exists
> # (Replaces the `NOLOGINS_FILE' option from login.defs)
> auth            requisite       pam_nologin.so

> # Ensure that system users cannot login -- this is probably a bit
> # hacky, but it'll do for now.
> auth            required        pam_listfile.so \
>         onerr=succeed item=user sense=deny file=/etc/news/readers.deny

> # Standard Un*x authentication. The "nullok" line allows passwordless
> # accounts.
> auth            required        pam_unix.so

[...]

> I've removed the information from /etc/passwd, group and shadow for the
> user that is trying to post so that user is forced to use the
> information from the ldap server.

Maybe I'm missing something, but I don't see anywhere in the above
configuration where PAM is being pointed at LDAP.  It looks like it's
either /etc/passwd authentication or bust with that configuration.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.

More information about the inn-workers mailing list