List: pamldap
Subject: RE: [pamldap] Bug when logging into CDE on Solaris when using pam_ldap
From: Glenn Case <ldap () glennc ! net>
Date: 2003-01-28 20:45:26
I think I have this working now (I am still testing this).
But it is still a hack :-)
This was the behavior I was seeing in the dtsession crashes I was
dealing with earlier.
(This was on Solaris 8)
The issue was introduced somewhere after pam_ldap-152, and I believe it is
the addition of the -B group flag to the link line for pam_ldap.so, which
fixes a number of other issues but causes a number of build time headaches
(the build time issues cause dtsession to crash).
The solution I found that worked was to link some of the libraries
(openldap, openssl) statically into pam_ldap.so.
When you do this, remember to remove the -B group option from the link line.
(Or else reboot single user / restore good pam_ldap / reboot again /
log in and relink again.)
http://www.netsys.com/pamldap/2002/11/msg00046.html
was the hint that I received.
If you want openssl to compile correctly for use with -B group you may
need to link it differently
http://www.netsys.com/pamldap/2002/10/msg00051.html
Describes how.
When I finally get this fully working I probably should write it up and
post the solution to the list.
Thanks
Glenn
> I don't see a Solaris version number anywhere, but I'm assuming you are
> referring to Solaris 2.8. If you are dealing with Solaris 2.7 disregard this
> message- 2.7 is a lost cause and is not worth dealing with.
>
> If memory serves, we found that one of the processes that helps manage CDE
> does a segv. We solved this problem and other problems in Connexitor Naming
> Services (CNS), our packaged build of pam_ and nss_ldap. If you care to try
> it, you can download it at http://www.symas.net/download/connexitor/.
>
> -Matthew Hardin
> Symas Corporation
>
>
> > -----Original Message-----
> > From: owner-pamldap@PADL.COM [mailto:owner-pamldap@PADL.COM]On Behalf Of
> > Lance Rathbone
> > Sent: Monday, January 27, 2003 6:21 PM
> > To: pamldap@padl.com
> > Subject: Re: [pamldap] Bug when logging into CDE on Solaris when using
> > pam_ldap
> >
> >
> > Mike
> >
> > It appears I am getting the same problem you have noted.
> > Unfortunately, none of our systems have sudo installed and this is
> > unlikely to change.
> >
> > I'm wondering if the ExitSession problem occurs because something has
> > gone wrong in the dtlogin startup sequence?
> > I say this because:
> > 1. When logging in as an ldap user a new .dtprofile is created each time
> > 2. .dt/startlog says that DTSOURCEPROFILE is false even though the
> > newly created .dtprofile says that it is true.
> >
> > This does not happen when a 'file' user logs in.
> > I would have thought that both types of users would have been treated
> > exactly the same in this respect.
> >
> >
> >
> > >I just sent this to someone else who asked the same question:
> > >
> > > I got the CDE login working with pam_ldap and nss_ldap, but it's a hack.
> > >I'm not proud of it, but it works. Once I got nss_ldap working things
> > >got better to where I could login to the CDE, but could not log out.
> > >It would shut down some of the processes but not all, leaving me in
> > >the gui. When I hit "exit" a 2nd time I would get an error message
> > >to the effect of "tt_err_no_match: there is no running process to service
> > >this request."
> > >
> > >I found that it was getting far enough to run the sessionexit script,
> > >so I hacked it to run a script that kills off all of the dt processes
> > >with the help of sudo since it requires root privileges, and now everything
> > >works normally (from the user's perspective). So here's the flood of
> > >information about how I got all this working:
> > >
> > >-
> > >
> > >session exit hack (add this to /usr/dt/config/sessionexit):
> > >
> > ># hack to kill dt processes
> > > /usr/local/adm/bin/sudo /usr/local/adm/bin/kill-dt-procs
> > >
> > >---- end of sessionexit hack
> > >
> > >kill-dt-procs script:
> > >
> > >#!/bin/sh
> > >#
> > ># kill the dtlogin processes
> > >#
> > >PS=`/bin/ps -ef | grep dt | egrep -v 'grep' | awk '{print $2}'`
> > >PS2=`echo $PS | sed 's/\n//g'`
> > >
> > >/bin/kill $PS2 >/tmp/kill-log 2>&1
> > >
> > >sleep 3
> > >
> > >/etc/init.d/dtlogin start
> > >
> > >---- end of kill-dt-procs script
> > >
> > >contents of /usr/local/etc/sudoers:
> > >
> > >#-------------------------------------------------------------------------
> > ># name of server to allow this to run on and don't require a password:
> > ># --------\
> > >ALL btc1.wright.edu = NOPASSWD: /usr/local/adm/bin/kill-dt-procs
> > >
> > >--- end of sudoers file
> > >
> >
> > --
> > =====================================
> >
> > Lance Rathbone BSc MCompStud
> > Senior IT Officer
> > Institute for Molecular Bioscience
> > The University of Queensland
> > Brisbane QLD 4072
> > AUSTRALIA
> >
> >
> > Tel +61 7 3365 1289
> > http://www.imb.uq.edu.au
> > =====================================
> >
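
Added example, not part of any post in this thread: the quoted kill-dt-procs script picks PIDs with `grep dt` over full `ps -ef` lines and runs as root for every user through the NOPASSWD sudoers rule, so any line containing "dt" (a user name, an unrelated command) is matched, and its log goes to a fixed path in /tmp. The sketch below selects only the named user's CDE session processes by exact command name; the allowlist, the user names and the sample `ps` lines are constructed assumptions.

```shell
#!/bin/sh
# Added example (not the poster's script): choose PIDs by owner and exact
# command name instead of a substring match on whole ps lines.

# Assumed allowlist of CDE session programs; adjust for the local install.
DT_NAMES="dtsession dtwm dtfile ttsession"

# select_dt_pids OWNER
# Reads "user pid comm" lines on stdin (layout of `ps -e -o user,pid,comm`)
# and prints the PIDs owned by OWNER whose command basename is in DT_NAMES.
# On Solaris 8 use nawk or /usr/xpg4/bin/awk; /usr/bin/awk has no -v option.
select_dt_pids() {
    awk -v owner="$1" -v names="$DT_NAMES" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != owner       { next }   # only the session owner
        $2 !~ /^[0-9]+$/  { next }   # skips the header and malformed lines
        {
            cmd = $3
            sub(/^.*\//, "", cmd)    # strip a leading path
            if (cmd in ok) print $2
        }'
}

# Constructed sample input, not output from any system in the thread.
# "dthomas" and "sendtrap" both contain "dt" and would match `grep dt`.
sample_ps() {
    cat <<'EOF'
    USER   PID COMMAND
    root   312 /usr/dt/bin/dtlogin
   alice  4101 /usr/dt/bin/dtsession
   alice  4120 dtwm
   alice  4133 /usr/dt/bin/ttsession
   alice  4150 sendtrap
     bob  4201 /usr/dt/bin/dtsession
 dthomas  4300 /usr/bin/ksh
EOF
}

# Intended use from a sudo-invoked wrapper (SUDO_USER is set by sudo):
#   ps -e -o user,pid,comm | select_dt_pids "$SUDO_USER"
```

With the constructed input, only alice's dtsession, dtwm and ttsession are selected for alice; dtlogin, bob's session and dthomas's shell are left alone.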