Pam Authorization Problem
jesk
jesk at killall.org
Thu Nov 18 04:18:32 PST 2004
> i am very amazed, because i thought that with this ldap line it's also
> necessary that 'account required pam_unix.so' must return 'ok' so that
> the authorization part is successful, but the ldap account is not
> available there.
> but thanks anyway it solved my requirements!
hi again,
i recognized that if the user is found via AUTH in ldap and authenticated
there, it's not possible for ACCOUNT to jump from pam_ldap.so to
pam_unix.so. i checked this as i used 'su' to switch to root but then i
got the message:
---
You must be a uniqueMember of cn=klever,ou=hosts,dc=x,dc=x,dc=x to login.
su: Sorry
---
root does exist in ldap for AUTH but not for ACCOUNT, but root should be
used locally via pam_unix.so.
/etc/pam.d/system is configured like /etc/pam.d/sshd and so /etc/pam.d/su
should be very likely the same as /etc/pam.d/sshd through the include in it.
maybe you have an answer to this too :)
thanks!