Re: authentication puzzle
- From: Tim Rice <tim [at] multitalents.net>
- To: Eneida Lima <limalax [at] gmail.com>
- Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: authentication puzzle
- Date: Tue, 11 Mar 2014 16:27:40 -0700 (PDT)
On Tue, 11 Mar 2014, Eneida Lima wrote:
> 2. /etc/pam.d/system-auth-ac
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth required pam_env.so
> auth sufficient pam_ldap.so try_first_pass
> auth sufficient pam_unix.so nullok use_first_pass
> auth requisite pam_succeed_if.so uid >= 500 quiet
> auth required pam_deny.so
>
> account required pam_unix.so
> account sufficient pam_succeed_if.so uid < 500 quiet
> #account sufficient pam_ldap.so
> account required pam_permit.so
>
> password requisite pam_cracklib.so try_first_pass retry=3
> password sufficient pam_unix.so shadow nullok try_first_pass use_authtok
> password sufficient pam_ldap.so crypt shadow nullok use_authtok use_first_pass
> password required pam_deny.so
>
> session optional pam_keyinit.so revoke
> #session optional pam_ldap.so
> session required pam_limits.so
> session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
> session required pam_unix.so
This /etc/pam.d/system-auth-ac is working for me.
..........
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_sss.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_sss.so
..........
This Scientific Linux 6.5 box was using sssd to authenticate until I
did a "yum remove" on some samba bits and it removed sssd. Oops no
more (LDAP) logins. Doing a "/etc/init.d/nslcd start" made things work.
/etc/nslcd.conf had been previously configured.
--
Tim Rice Multitalents
tim@multitalents.net