
List:       gentoo-hardened
Subject:    Re: [gentoo-hardened] Having a long delay at login prompt.
From:       Julien Thomas <julien.thomas () enst-bretagne ! fr>
Date:       2007-12-17 8:20:22
Message-ID: 47663146.7090101 () enst-bretagne ! fr


Hello.

In fact, at the beginning it was a misconfiguration of the security
parameters of the connection, which made the LDAP server unable to
answer the requests.

But by default, without the LDAP module, you should not have any problem of
this kind ...

I have checked one of my servers' SELinux configuration, and I note the
following differences (marked [x]) with what you have posted (I have not
inserted marks where your lines have additional parameters).

Hope it helps.
NB: Some lines are for pam_ldap, though

* common-auth
auth sufficient pam_ldap.so
auth sufficient pam_unix.so nullok_secure use_first_pass
auth required pam_deny.so

* system-auth
auth    required    /lib/security/pam_env.so
auth    sufficient  /lib/security/pam_unix.so likeauth nullok shadow [x]
auth    sufficient  /lib/security/pam_ldap.so use_first_pass
auth    required    /lib/security/pam_deny.so

account sufficient  /lib/security/pam_unix.so
account sufficient  /lib/security/pam_ldap.so
account required    /lib/security/pam_deny.so [x]

password    required /lib/security/pam_cracklib.so retry=3
password    sufficient /lib/security/pam_unix.so nullok use_authtok shadow md5
password    sufficient /lib/security/pam_ldap.so use_authtok
password    required /lib/security/pam_deny.so

session required    /lib/security/pam_limits.so
session required    /lib/security/pam_unix.so
session optional    /lib/security/pam_ldap.so

[x] Note that I have commented out the PAM-1.0 section, which is not the
case for you.

For the nsswitch.conf (yes, it was the file I was talking about), I have
similar lines, sometimes with ldap parameters. So the problem should not
be here.


Julien Thomas.

Ashish Shukla आशीष शुक्ल wrote:
> ,--- julien thomas writes:
> | Hi.
> 
> Hi,
> 
> | When I used PAM with LDAP, I experienced the same problems sometimes.
> | Do you use additional PAM modules?
> 
> I pasted my PAM configuration earlier, I don't use any other module
> except those listed there. Did you find the cause of your problem?
> What I think in your case the problem will be availability or
> unavailability of LDAP at the time of logon.
> 
> | For instance, what is your /etc/nss.conf file?  (I mean, the nss
> | configuration file, but I am not sure of the name)
> 
> I hope you mean nsswitch.conf. Following is my nsswitch.conf:
> 
> ----8<----8<----
> # /etc/nsswitch.conf:
> # $Header: /var/cvsroot/gentoo/src/patchsets/glibc/extra/etc/nsswitch.conf,v 1.1 2006/09/29 23:52:23 vapier Exp $
> 
> passwd:      compat
> shadow:      compat
> group:       compat
> 
> # passwd:    db files nis
> # shadow:    db files nis
> # group:     db files nis
> 
> hosts:       files dns
> networks:    files dns
> 
> services:    db files
> protocols:   db files
> rpc:         db files
> ethers:      db files
> netmasks:    files
> netgroup:    files
> bootparams:  files
> 
> automount:   files
> aliases:     files
> ---->8---->8----
> 
> | Another point would be the login configuration. For instance, with
> | pamldap, I configured NFS based home directory ...
> 
> I have my home directory on the same partition on the same hard disk
> as the gentoo installation.
> 
> | Julien Thomas.
> 
> Thanks


-- 
My RSA public key for email authentication is available at
http://www.rennes.enst-bretagne.fr/~jthomas2/
and on the PGP server http://subkeys.pgp.net

-- 
gentoo-hardened@gentoo.org mailing list
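
As an added example (not part of the original message and not Gentoo tooling): a small Python check that parses PAM stacks like the ones compared above and reports where pam_ldap.so is consulted ahead of pam_unix.so, plus the nullok and md5 options on pam_unix.so. The `NETWORK_MODULES` set, the function names and the sample strings are assumptions constructed from the quoted configuration.

```python
import re

# Modules that query a remote directory (assumed set for this example).
NETWORK_MODULES = {"pam_ldap.so"}
LINE_RE = re.compile(r"^(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Parse PAM config text into (type, control, module, args) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        m = LINE_RE.match(line)
        if m:
            mtype, control, path, args = m.groups()
            entries.append((mtype, control, path.rsplit("/", 1)[-1], args.split()))
    return entries

def audit(text):
    """Return (type, message) findings on module order and pam_unix options."""
    findings, seen_local = [], set()
    for mtype, control, module, args in parse_pam(text):
        if module == "pam_unix.so":
            seen_local.add(mtype)
            for a in args:
                if a.startswith("nullok"):
                    findings.append((mtype, f"pam_unix.so permits empty passwords ({a})"))
            if "md5" in args:
                findings.append((mtype, "pam_unix.so stores new passwords as MD5-crypt"))
        elif module in NETWORK_MODULES and control != "optional" and mtype not in seen_local:
            findings.append((mtype, f"{module} is consulted before any pam_unix.so entry, "
                                    "so local logins depend on the directory server"))
    return findings

# Constructed sample: stacks quoted in the message, [x] marks removed.
COMMON_AUTH = """\
auth sufficient pam_ldap.so
auth sufficient pam_unix.so nullok_secure use_first_pass
auth required pam_deny.so
"""
SYSTEM_AUTH = """\
auth    sufficient  /lib/security/pam_unix.so likeauth nullok shadow
auth    sufficient  /lib/security/pam_ldap.so use_first_pass
password    sufficient /lib/security/pam_unix.so nullok use_authtok shadow md5
"""

if __name__ == "__main__":
    for name, text in (("common-auth", COMMON_AUTH), ("system-auth", SYSTEM_AUTH)):
        for mtype, msg in audit(text):
            print(f"{name}: {mtype}: {msg}")
```
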

