lists.arthurdejong.org
RSS feed

Re: User Authentication with nslcd 0.8.13

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: User Authentication with nslcd 0.8.13



Does nss-pam-ldapd require the LDAP server to provide LDAPS (LDAP over SSL) API? Is it a hard requirement or is it just something that's good to have? My server doesn't provide LDAPS right now. I might have to modify that.


On Wed, Aug 7, 2013 at 9:24 AM, Priya Seshaadri <priya.sesh [at] gmail.com> wrote:
This is the object dump of pam_ldap.so in /usr/lib/security:

-----------------------------------------

usr/lib/security/pam_ldap.so:     file format elf32-little

DYNAMIC SYMBOL TABLE:
00005f94 l    d  .init 00000000              .init
0003f00c l    d  .jcr 00000000              .jcr
00000000      D  *UND* 00000000              X509_NAME_entry_count
00000000      DF *UND* 00000000  GLIBC_2.4   getnameinfo
00000000      D  *UND* 00000000              BIO_new_mem_buf
00000000      DF *UND* 00000000              SSL_connect
00000000      DF *UND* 00000000  GLIBC_2.4   strerror
00000000      DF *UND* 00000000              SSL_set_bio
00000000      DF *UND* 00000000  GLIBC_2.4   inet_ntop
00000000      D  *UND* 00000000              OpenSSL_add_all_digests
00000000      DF *UND* 00000000              BIO_free
00000000      DF *UND* 00000000  GLIBC_2.4   geteuid
00000000      DF *UND* 00000000  GLIBC_2.4   connect
00000000      DF *UND* 00000000  GLIBC_2.4   srand
00000000      DF *UND* 00000000              SSL_CTX_set_client_CA_list
00000000      DF *UND* 00000000  LIBPAM_1.0  pam_get_user
00000000      DF *UND* 00000000  GLIBC_2.4   memcmp
00000000      DF *UND* 00000000              sk_free
00000000      DF *UND* 00000000  GLIBC_2.4   syslog
00000000      DF *UND* 00000000              SSL_add_dir_cert_subjects_to_stack
00000000      DF *UND* 00000000  LIBPAM_1.0  pam_strerror
00000000      DF *UND* 00000000  GCC_3.5     __aeabi_unwind_cpp_pr0
0000d6a4 g    DF .text 00000080  EXPORTED    pam_sm_open_session
00000000      D  *UND* 00000000              GENERAL_NAMES_free
00000000      D  *UND* 00000000              X509_STORE_CTX_get_error
00000000      DF *UND* 00000000  LIBPAM_1.0  pam_get_data
00000000  w   D  *UND* 00000000              __gmon_start__
00000000  w   D  *UND* 00000000              _Jv_RegisterClasses
00000000      D  *UND* 00000000              X509_NAME_oneline
00000000      D  *UND* 00000000              ASN1_STRING_length
00000000      DF *UND* 00000000              DH_size
00000000      DF *UND* 00000000  GLIBC_2.4   vsnprintf
00000000      DF *UND* 00000000              SSL_CTX_set_verify
00000000      DF *UND* 00000000  GLIBC_2.4   strncpy
00000000      DF *UND* 00000000  GLIBC_2.4   fclose
00000000      DF *UND* 00000000  GLIBC_2.4   fgets
00000000      DF *UND* 00000000  GLIBC_2.4   getenv
00000000      DO *UND* 00000000  GLIBC_2.4   sys_nerr
00000000      D  *UND* 00000000              RAND_load_file
00000000      DF *UND* 00000000              sk_value
00000000      DF *UND* 00000000  GLIBC_2.4   strchr
00000000      DF *UND* 00000000  GLIBC_2.4   strcasecmp
00000000      D  *UND* 00000000              RSA_generate_key_ex
00000000      DF *UND* 00000000              SSL_load_error_strings
00000000      DF *UND* 00000000  GLIBC_2.4   calloc
00000000      DF *UND* 00000000              SSL_CIPHER_get_bits
00000000      DF *UND* 00000000  GLIBC_2.4   fopen
00000000      D  *UND* 00000000              X509_STORE_set_flags
00000000      DF *UND* 00000000  GLIBC_2.4   memset
00000000      DF *UND* 00000000  GLIBC_2.4   gai_strerror
00000000      D  *UND* 00000000              BN_set_word
00000000      DF *UND* 00000000  GLIBC_2.4   freeaddrinfo
00000000      DF *UND* 00000000              BIO_clear_flags
00000000      DF *UND* 00000000  GLIBC_2.4   strrchr
00000000      DF *UND* 00000000  LIBPAM_1.0  pam_set_data
00000000      DF *UND* 00000000  LIBPAM_1.0  pam_set_item
00000000      D  *UND* 00000000              X509V3_EXT_d2i
00000000      DF *UND* 00000000              SSL_get_peer_certificate
00000000      DF *UND* 00000000  GLIBC_2.4   __assert_fail
00000000      DF *UND* 00000000              BIO_new
00000000      DF *UND* 00000000              X509_get_subject_name
00000000      DF *UND* 00000000              SSL_free
00000000      D  *UND* 00000000              X509_NAME_get_entry
00000000 g    DO *ABS* 00000000  EXPORTED    EXPORTED
00000000      DF *UND* 00000000  GLIBC_2.4   getuid
00000000      DF *UND* 00000000  GLIBC_2.4   free
00000000      DF *UND* 00000000  GLIBC_2.4   read
00000000      DF *UND* 00000000  GLIBC_2.4   write
00000000      DF *UND* 00000000              SSL_get_certificate
00000000      D  *UND* 00000000              X509_get_ext_by_NID
00000000      D  *UND* 00000000              RAND_egd
00000000      DF *UND* 00000000  GLIBC_2.4   inet_pton
00000000      DF *UND* 00000000  GLIBC_2.4   gettimeofday
00000000      DF *UND* 00000000              CRYPTO_free
00000000      DF *UND* 00000000  GLIBC_2.4   gethostbyname_r
00000000      D  *UND* 00000000              ERR_free_strings
00000000      DF *UND* 00000000  GLIBC_2.4   __xpg_strerror_r
00000000      DF *UND* 00000000  GLIBC_2.4   socket
00000000      DF *UND* 00000000  GLIBC_2.4   getaddrinfo
00000000      DF *UND* 00000000              SSL_CTX_new
00000000      DF *UND* 00000000  GLIBC_2.4   fflush
00000000      DF *UND* 00000000              SSL_get_verify_result
00000000      DF *UND* 00000000  GLIBC_2.4   inet_aton
00000000      DF *UND* 00000000              BIO_set_flags
0000cf50 g    DF .text 00000724  EXPORTED    pam_sm_authenticate
00000000      DF *UND* 00000000              SSL_read
00000000      DF *UND* 00000000              SSL_CTX_set_session_id_context
00000000      D  *UND* 00000000              EVP_cleanup
00000000      DF *UND* 00000000              SSL_pending
00000000      DF *UND* 00000000  GLIBC_2.4   strlen
0000e790 g    DF .text 00000b38  EXPORTED    pam_sm_acct_mgmt
00000000      DF *UND* 00000000              X509_verify_cert_error_string
00000000      DF *UND* 00000000              SSL_get_current_cipher
00000000      D  *UND* 00000000              X509_get_ext
00000000      DF *UND* 00000000  GLIBC_2.4   strtoul
00000000      DF *UND* 00000000  GLIBC_2.4   memcpy
00000000      DF *UND* 00000000  GLIBC_2.4   __h_errno_location
00000000      DF *UND* 00000000              RSA_new
00000000      DF *UND* 00000000  GLIBC_2.4   fopen64
00000000      DF *UND* 00000000  GLIBC_2.4   clock
00000000      DF *UND* 00000000              SSL_load_client_CA_file
00000000      DF *UND* 00000000              RSA_free
00000000      DF *UND* 00000000              SSL_CTX_load_verify_locations
00000000      DF *UND* 00000000  GLIBC_2.4   strtol
00000000      DF *UND* 00000000              SSL_alert_desc_string_long
00000000      DF *UND* 00000000  GLIBC_2.4   strcpy
00000000      DF *UND* 00000000  GLIBC_2.4   atol
00000000      DF *UND* 00000000  GLIBC_2.4   ctime
0000d674 g    DF .text 00000030  EXPORTED    pam_sm_setcred
00000000      D  *UND* 00000000              BN_new
00000000      DF *UND* 00000000  GLIBC_2.4   raise
00000000      DF *UND* 00000000  GLIBC_2.4   atoi
00000000      DF *UND* 00000000  GLIBC_2.4   gethostbyaddr
00000000      DF *UND* 00000000  GLIBC_2.4   shutdown
00000000      DF *UND* 00000000              SSL_state_string_long
00000000      DF *UND* 00000000              sk_num
00000000      D  *UND* 00000000              PEM_read_bio_DHparams
00000000      D  *UND* 00000000              ASN1_STRING_data
00000000      DF *UND* 00000000  GLIBC_2.4   close
0000d724 g    DF .text 00000030  EXPORTED    pam_sm_close_session
00000000      D  *UND* 00000000              RAND_file_name
00000000      DF *UND* 00000000              ERR_peek_error
00000000      DF *UND* 00000000              SSL_alert_type_string_long
00000000      DF *UND* 00000000              SSL_CTX_use_PrivateKey_file
00000000      DF *UND* 00000000              SSL_library_init
00000000      DF *UND* 00000000  GLIBC_2.4   strncasecmp
00000000      DF *UND* 00000000              SSL_CTX_use_certificate_file
00000000      DF *UND* 00000000  GLIBC_2.4   time
00000000      D  *UND* 00000000              RAND_write_file
00000000      DF *UND* 00000000  GLIBC_2.4   __ctype_b_loc
00000000      DF *UND* 00000000  GLIBC_2.4   fprintf
00000000      DF *UND* 00000000  GLIBC_2.4   strdup
00000000      D  *UND* 00000000              X509_STORE_CTX_get_current_cert
00000000      DF *UND* 00000000  GLIBC_2.4   malloc
00000000      DF *UND* 00000000              SSL_CTX_set_cipher_list
00000000      DF *UND* 00000000  GLIBC_2.4   gethostname
00000000      D  *UND* 00000000              ERR_remove_state
00000000      DF *UND* 00000000              i2d_X509_NAME
00000000      DF *UND* 00000000  GLIBC_2.4   gmtime_r
00000000      DF *UND* 00000000              SSL_new
00000000      DF *UND* 00000000              SSL_write
00000000      DF *UND* 00000000  GLIBC_2.4   poll
00000000      DO *UND* 00000000  GLIBC_2.4   sys_errlist
00000000      DF *UND* 00000000              SSL_CTX_get_cert_store
00000000      D  *UND* 00000000              X509V3_add_standard_extensions
00000000      DF *UND* 00000000              CRYPTO_add_lock
00000000      DF *UND* 00000000  GLIBC_2.4   strcat
00000000      DF *UND* 00000000  GLIBC_2.4   memmove
00000000      DF *UND* 00000000              X509_free
00000000      D  *UND* 00000000              OBJ_nid2obj
00000000      DF *UND* 00000000              sk_new_null
00000000      DF *UND* 00000000  GLIBC_2.4   getpid
00000000      DF *UND* 00000000              SSL_accept
00000000      D  *UND* 00000000              ERR_error_string_n
00000000      D  *UND* 00000000              DH_generate_parameters
00000000      DF *UND* 00000000              SSL_shutdown
00000000      DF *UND* 00000000  GLIBC_2.4   fcntl
00000000      D  *UND* 00000000              BIO_new_file
00000000      DF *UND* 00000000              SSL_CTX_set_info_callback
00000000      DO *UND* 00000000  GLIBC_2.4   stderr
00000000      DF *UND* 00000000  GLIBC_2.4   rand
00000000      D  *UND* 00000000              X509_get_issuer_name
00000000      D  *UND* 00000000              RAND_status
00000000      DF *UND* 00000000              SSL_CTX_set_default_verify_paths
00000000      DF *UND* 00000000  GLIBC_2.4   crypt
00000000      DF *UND* 00000000  GLIBC_2.4   snprintf
00000000      D  *UND* 00000000              ERR_get_error_line
00000000      DF *UND* 00000000              SSL_CTX_set_tmp_rsa_callback
00000000      DF *UND* 00000000  GLIBC_2.4   strncmp
00000000      DF *UND* 00000000              SSL_CTX_ctrl
00000000      D  *UND* 00000000              OBJ_cmp
00000000      DF *UND* 00000000  GLIBC_2.4   getpeername
00000000      D  *UND* 00000000              X509_STORE_CTX_get_error_depth
00000000      DF *UND* 00000000  GLIBC_2.4   gethostbyname
00000000      DF *UND* 00000000  GLIBC_2.4   realloc
0000d754 g    DF .text 0000103c  EXPORTED    pam_sm_chauthtok
00000000      DF *UND* 00000000              SSL_CTX_set_tmp_dh_callback
00000000      DF *UND* 00000000  GLIBC_2.4   setsockopt
00000000      DF *UND* 00000000  GCC_3.5     __aeabi_unwind_cpp_pr1
00000000      DF *UND* 00000000  LIBPAM_1.0  pam_get_item
00000000      DF *UND* 00000000  GLIBC_2.4   memchr
00000000      D  *UND* 00000000              BN_free
00000000      DF *UND* 00000000  GLIBC_2.4   strcmp
00000000      D  *UND* 00000000              X509_NAME_ENTRY_get_data
00000000      DF *UND* 00000000              SSL_get_error
00000000      DF *UND* 00000000  GLIBC_2.4   __errno_location
00000000      DF *UND* 00000000              SSL_CTX_free
00000000  w   DF *UND* 00000000  GLIBC_2.4   __cxa_finalize
00000000      DF *UND* 00000000  GLIBC_2.4   sprintf
00000000      DF *UND* 00000000              SSLv23_method
00000000      DF *UND* 00000000  GLIBC_2.4   fputs
-------------------------------------------------------------


On Wed, Aug 7, 2013 at 9:01 AM, Priya Seshaadri <priya.sesh [at] gmail.com> wrote:
Are you sure /lib/security/pam_ldap.so is the nss-pam-ldapd version? Can
you do:
  ldd /lib/security/pam_ldap.so
  objdump -TC /lib/security/pam_ldap.so

There was another pam_ldap.so in /usr/lib/security. I got different object dumps for the 2 copies of the pam_ldap.so files that I had. I changed the files in /etc/pam.d to use the .so file from /usr/lib/security. But no luck. Still doesn't work.




-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/