
Re: shadowexpired user in FreeBSD??



On Sun, 2017-06-11 at 14:47 +0800, Chi Min Wang wrote:
> I am trying to manage user accounts with LDAP in FreeBSD.
> The pam_unix in FreeBSD could inform Dovecot of an expired local
> account correctly.  When I set the LDAP shadow account expired, nslcd
> could recognize it correctly, but could not inform the Dovecot
> auth-worker (it just simply died unexpectedly). Could anyone give some
> advice??

How your PAM stack works really depends on how it is configured in
/etc/pam.d/dovecot (probably). I'm not really sure about the FreeBSD
PAM stack but from your logs it seems that the pam_ldapd module is
called at least for authentication (auth).

It also needs to be called for authorisation (account) and I don't see
that in your logs.

There is also in the logs:

Jun 11 14:38:48 ldap dovecot: auth: Error: auth worker: Aborted PASSV request for test: Worker process died unexpectedly
Jun 11 14:38:48 ldap dovecot: auth-worker: Fatal: master: service(auth-worker): child 67159 killed with signal 11 (core not dumped)

which indicates a crash. If the pam_ldapd module causes this I would
like to know. If you could provide a backtrace from this crash it would
be helpful.

You can configure debug logging of the pam_ldapd module by adding debug
to the pam_ldapd.so argument list in your PAM configuration. You could
also post your PAM config (/etc/pam.d/dovecot) for more details.

Hope this helps,

-- 
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
-- 
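
A small check for the point in the reply above, that the module has to be called for account as well as auth. This is an added example, not part of the original message or of nss-pam-ldapd; the sample configurations and the module path are constructed, and the per-service pam.d line syntax is assumed.

```python
# Added example: report which PAM facilities load a given module.
# Assumes pam.d per-service syntax: <facility> <control> <module> [args...]
FACILITIES = ("auth", "account", "session", "password")

# Constructed sample configs (not the poster's real /etc/pam.d/dovecot).
AUTH_ONLY = """\
# module is consulted for the password check only
auth     sufficient  pam_ldapd.so  debug
auth     required    pam_unix.so   no_warn try_first_pass
account  required    pam_unix.so
"""
AUTH_AND_ACCOUNT = """\
auth     sufficient  /usr/local/lib/pam_ldapd.so  debug
auth     required    pam_unix.so   no_warn try_first_pass
account  [success=ok default=bad]  pam_ldapd.so  debug
account  required    pam_unix.so
"""

def module_facilities(config_text, module):
    """Return the set of facilities whose rules load `module`."""
    found = set()
    text = config_text.replace("\\\n", " ")      # join continuation lines
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()    # drop comments, tokenize
        if len(fields) < 3:
            continue
        facility = fields[0].lstrip("-").lower()
        if facility not in FACILITIES:
            continue
        rest = fields[1:]
        if rest[0].startswith("["):              # bracketed control may span tokens
            while rest and not rest[0].endswith("]"):
                rest.pop(0)
        rest = rest[1:]                          # skip the control (or its last token)
        if rest and rest[0].rsplit("/", 1)[-1] == module:
            found.add(facility)
    return found

def missing_facilities(config_text, module, required=("auth", "account")):
    """List the required facilities in which `module` never appears."""
    return [f for f in required if f not in module_facilities(config_text, module)]

if __name__ == "__main__":
    for name, cfg in (("auth only", AUTH_ONLY), ("auth+account", AUTH_AND_ACCOUNT)):
        print(name, "-> missing:", missing_facilities(cfg, "pam_ldapd.so"))
```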