[prev in list] [next in list] [prev in thread] [next in thread]
List: pamldap
Subject: Re: [pamldap] Where to
From: angel bosch <abo () brujulatelecom ! com>
Date: 2004-12-13 11:24:20
Message-ID: 1102937061.9887.10.camel () localhost
[Download RAW message or body]
i've been testing some more things.
i think auth part is working and the logon session fails on account
part. this is my auth conf:
-----------------------------------------------
auth sufficient pam_unix.so nullok
auth [authinfo_unavail=ignore success=1 default=2] pam_ldap.so
use_first_pass
auth [default=done] pam_ccreds.so action=validate use_first_pass
auth [default=done] pam_ccreds.so action=store
# auth [default=done] pam_ccreds.so action=update
auth optional pam_ccreds.so action=update
-----------------------------------------------
now the account part. if i use this configuration:
-----------------------------------------------
account [user_unknown=ignore default=done] pam_unix.so
account [authinfo_unavail=ignore default=done] pam_ldap.so
account required pam_deny.so
-----------------------------------------------
i get an error about user account expiration and returns me to login,
here is the output:
-----------------------------------------------
nortix login: abo
Password:
You have been logged on using cached credentials.
User account has expired
Debian GNU/Linux 3.1 nortix tty1
nortix login:
-----------------------------------------------
and if i change to this:
-----------------------------------------------
account [user_unknown=ignore default=done] pam_unix.so
account [authinfo_unavail=ignore default=done] pam_ldap.so
account [default=done] pam_permit.so
-----------------------------------------------
then that message doesnt appears but im also on login again:
-----------------------------------------------
nortix login: abo
Password:
You have been logged on using cached credentials.
Debian GNU/Linux 3.1 nortix tty1
nortix login:
-----------------------------------------------
note that in both cases it says im using cached credentials, so i asume
that auth part is working and account is what is failing.
regards
El dj 09 de 12 del 2004 a les 13:05 +0200, en/na Buchan Milne va
escriure:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> angel bosch wrote:
> | thx a lot for your info!
> |
> | i think im really close now. i get this error:
> |
> | User account has expired
> |
> | just after it says im using cached credentials.
> |
> | any hint?
>
> It's very difficult to diagnose pam problems without the full pam config
> file. Please include the entire contents of your pam configuration file
> for the service you are testing with (ie login), and any additional
> config files that take effect via pam_stack.
>
> Regards,
> Buchan
> - --
> Buchan Milne Senior Support Technician
> Obsidian Systems http://www.obsidian.co.za
> B.Eng RHCE (803004789010797)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFBuDF2rJK6UGDSBKcRAl9lAKCHouAOkZ2cvSari68Kxw/IUlOwlQCgxE0W
> 68UYpKp53drGDTDO6Sy9Yks=
> =1pv0
> -----END PGP SIGNATURE-----
>
--
àngel bosch
abosch@brujulatelecom.com
-------------------------
software is like sex
is better when its free
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic