Re: User Authentication with nslcd 0.8.13

On Thu, 2013-08-08 at 14:32 -0500, Priya Seshaadri wrote:
> Here's the objectdump of the other pam_ldap.so:

Yes, this looks more like the nss-pam-ldapd version.

> Do you have any suggestions on how to debug the PAM module to see
> where it is failing?

It is probably best to remove or set aside the other PAM module. What
would be useful is configuring the PAM stack for su to use LDAP.

One way to figure out exactly what is going on is to run (as root):

  strace -f -o logfile su - nobody -c 'su - someldapuser'

and log in (BEWARE: your typed-in password will probably end up in the
logfile). The login itself will probably fail because of running under
strace, but the logfile would then show exactly what was going on.

For example, it will show which files are opened (which PAM module,
which PAM configuration file, etc.). At a certain point it should
connect to /var/run/nslcd/socket.

Running nslcd in debug mode should show PAM requests coming in.

Most PAM modules also accept a debug argument (pam_unix and pam_ldap
both support this) which makes them present debugging output either to
stdout or to syslog.

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
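
Added example, not part of the original message or of nss-pam-ldapd: shell helpers that pull the PAM file opens and the connect to /var/run/nslcd/socket out of the strace logfile described above, and blank out read/write buffers before the log is shared. The function names are hypothetical and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: summarise a `strace -f -o logfile` capture of a PAM login.
# Assumes strace's usual "-f -o" line layout: PID syscall(args) = result
NSLCD_SOCKET=/var/run/nslcd/socket   # socket path named in the message

# PAM configuration files and modules the traced processes tried to open,
# with each result (an fd number, or e.g. "-1 ENOENT (...)").
pam_opens() {
    sed -nE 's#^[0-9]+ +(open|openat)\((AT_FDCWD, )?"([^"]*(/pam\.d/[^"]*|/pam\.conf|/pam_[^"/]*\.so))".* = (.*)$#\3 => \5#p' "$1" |
        sort -u
}

# Every connect() to the nslcd socket, with the PID and the syscall result.
nslcd_connects() {
    grep -F "\"$NSLCD_SOCKET\"" "$1" |
        sed -nE 's/^([0-9]+) +connect\(.*\) = (.*)$/pid \1: \2/p'
}

# Best-effort redaction: replace the string buffer of read/write/send/recv
# calls, which is where a typed password is likely to show up.
redact_buffers() {
    sed -E 's/^([0-9]+ +(read|write|send|sendto|recv|recvfrom)\([0-9]+, )"([^"\\]|\\.)*"(\.\.\.)?/\1"<redacted>"/' "$1"
}

# Constructed sample log (not real strace output), written to the given path.
write_sample_log() {
    cat > "$1" <<'EOF'
4101  open("/etc/pam.d/su", O_RDONLY) = 3
4101  open("/lib/security/pam_ldap.so", O_RDONLY) = 4
4101  open("/etc/ld.so.cache", O_RDONLY) = 5
4101  read(0, "s3cret\n", 511) = 7
4101  connect(6, {sa_family=AF_FILE, path="/var/run/nslcd/socket"}, 23) = 0
4101  write(6, "\0\0\0\1s3cret", 10) = 10
EOF
}

# Usage: sh thisfile.sh logfile
if [ $# -gt 0 ]; then
    echo "PAM files opened:";  pam_opens "$1"
    echo "nslcd connects:";    nslcd_connects "$1"
fi
```

The redaction only covers string arguments of the listed syscalls, so the raw logfile should still be kept private and deleted after use.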