system (pam) doesn't work right

Hi, I use these options in the system (/etc/pam.d/) config on FreeBSD:


# auth

auth            sufficient                     no_warn no_fake_prompts

auth            requisite               no_warn allow_local

auth            sufficient      /usr/local/lib/      try_first_pass

auth            required                     no_warn try_first_pass


# account

account         required

account         sufficient      /usr/local/lib/

account         required


# session

session         required                  no_fail

session         optional        /usr/local/lib/

session         optional        /usr/local/lib/


# password

password        required                     no_warn try_first_pass


and this filter in NSLCD:


pam_authz_search (&(AccountEnable=TRUE)(uid=$username)(|(memberOf=cn=$hostname,ou=servers,ou=sys,o=test,c=ru)(memberOf=cn=$hostname,ou=$service,ou=servers,ou=sys,o=test,c=ru)))


If I delete myself from all groups on the LDAP server, I can still log in from the console on the server. If I use the same config in sshd (/etc/pam.d/), I cannot log in under OpenSSH, i.e. it works correctly. Why?

Best regards, Varnakov Kiril


