Re: shadowexpired user in FreeBSD??
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: shadowexpired user in FreeBSD??
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: shadowexpired user in FreeBSD??
- Date: Sun, 11 Jun 2017 18:03:52 +0200
On Sun, 2017-06-11 at 14:47 +0800, Chi Min Wang wrote:
> I am trying to management user account with LDAP in FreeBSD.
> The pam_unix in FreeBSD could inform Dovecot for expired local
> account correctly. When I set LDAP shadow account expired,nslcd
> could recognize it correctly,but could not inform the Dovecot auth-
> worker(it just simply died unexpectedly). Could anyone give some
> advise??
How your PAM stack works really depends on how it is configured in
/etc/pam.d/dovecot (probably). I'm not really sure about the FreeBSD
PAM stack but from your logs it seems that the pam_ldapd module is
called at least for authentication (auth).
It also needs to be called for authorisation (account) and I don't see
that in your logs.
There is also in the logs:
Jun 11 14:38:48 ldap dovecot: auth: Error: auth worker: Aborted PASSV
request for test: Worker process died unexpectedly
Jun 11 14:38:48 ldap dovecot: auth-worker: Fatal: master: service(auth-
worker): child 67159 killed with signal 11 (core not dumped)
which indicates a crash. If the pam_ldapd module causes this I would
like to know. If you could provide a backtrace from this crash it would
be helpful.
You can configure debug logging of the pam_ldapd module by adding debug
to the pam_ldapd.so argument list in your PAM configuration. You could
also post your PAM config (/etc/pam.d/dovecot) for more details.
Hope this helps,
--
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/
