Re: shadowexpired user in FreeBSD??

Hello Everyone:
I found that check_shadow() in nss-pam-ldapd/nslcd/pam.c returns whether the shadow account is expired or not, but nslcd_pam_authc() ignores it (it just returns 0). So I modified it to check the authzrc. It seems dovecot's auth-worker can recognize that the shadow user is expired, but it still died unexpectedly. Any advice?

Attachment: authzrc.JPG
Description: JPEG image

Jun 13 20:19:16 nopam_ldap auth: in openpam_dispatch(): calling 
pam_sm_acct_mgmt() in /usr/local/lib/pam_ldap.so
Jun 13 20:19:16 nopam_ldap auth: in pam_get_user(): entering
Jun 13 20:19:16 nopam_ldap auth: in pam_get_item(): entering: PAM_USER
Jun 13 20:19:16 nopam_ldap auth: in pam_get_item(): returning PAM_SUCCESS
Jun 13 20:19:16 nopam_ldap auth: in pam_get_user(): returning PAM_SUCCESS
Jun 13 20:19:16 nopam_ldap auth: in pam_get_data(): entering: 'PAM_LDAPD_CTX'
Jun 13 20:19:16 nopam_ldap auth: in pam_get_data(): returning PAM_SUCCESS
Jun 13 20:19:16 nopam_ldap auth: in pam_get_item(): entering: PAM_SERVICE
Jun 13 20:19:16 nopam_ldap auth: in pam_get_item(): returning PAM_SUCCESS
Jun 13 20:19:16 nopam_ldap auth: in pam_get_item(): entering: PAM_RUSER
Jun 13 20:19:16 nopam_ldap auth: in pam_get_item(): returning PAM_SUCCESS
Jun 13 20:19:16 nopam_ldap auth: in pam_get_item(): entering: PAM_RHOST
Jun 13 20:19:16 nopam_ldap auth: in pam_get_item(): returning PAM_SUCCESS
Jun 13 20:19:16 nopam_ldap auth: in pam_get_item(): entering: PAM_TTY
Jun 13 20:19:16 nopam_ldap auth: in pam_get_item(): returning PAM_SUCCESS
Jun 13 20:19:16 nopam_ldap auth: nslcd authorisation; user=test
Jun 13 20:19:16 nopam_ldap auth: in pam_vprompt(): entering
Jun 13 20:19:16 nopam_ldap auth: in pam_get_item(): entering: PAM_CONV
Jun 13 20:19:16 nopam_ldap auth: in pam_get_item(): returning PAM_SUCCESS
Jun 13 20:19:16 nopam_ldap dovecot: auth-worker(37496): Debug: 
pam(test,127.0.0.1,<JWW2cdZRys9/AAAB>): #1/1 style=3 msg=password expired 17241 
days ago
Jun 13 20:19:16 nopam_ldap dovecot: auth-worker(37654): Debug: Loading modules 
from directory: /usr/local/lib/dovecot/auth
Jun 13 20:19:16 nopam_ldap dovecot: auth-worker(37654): Debug: Module loaded: 
/usr/local/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
Jun 13 20:19:18 nopam_ldap dovecot: auth: Debug: client passdb out: FAIL        
1       user=test       temp
Jun 13 20:19:16 nopam_ldap dovecot: auth: Error: auth worker: Aborted PASSV 
request for test: Worker process died unexpectedly
Jun 13 20:19:16 nopam_ldap dovecot: auth-worker(37496): Fatal: master: 
service(auth-worker): child 37496 killed with signal 11 (core not dumped)
Jun 13 20:19:27 nopam_ldap dovecot: pop3-login: Aborted login (auth failed, 1 
attempts in 11 secs): user=<test>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, 
secured, session=<JWW2cdZRys9/AAAB>
nslcd: version 0.9.7 starting
nslcd: accepting connections
nslcd: [ba2518] <authc="test"> uid=test,ou=network,ou=it,dc=xxxx,dc=com: 
"${shadowMax:--1}": password expired 17241 days ago
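A log-triage sketch for the trace above, added here as an example and not part of the original message or of the nss-pam-ldapd or dovecot code: it ties each auth-worker PID that logged a PAM conversation message to a later signal death of that same PID. The function name and record fields are hypothetical, and the sample lines are copied from the log above with the mail line wrapping undone.

```python
import re

# Constructed sample: three lines from the log in this message, with the
# mail line wrapping undone.
SAMPLE = """\
Jun 13 20:19:16 nopam_ldap dovecot: auth-worker(37496): Debug: pam(test,127.0.0.1,<JWW2cdZRys9/AAAB>): #1/1 style=3 msg=password expired 17241 days ago
Jun 13 20:19:16 nopam_ldap dovecot: auth-worker(37654): Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
Jun 13 20:19:16 nopam_ldap dovecot: auth-worker(37496): Fatal: master: service(auth-worker): child 37496 killed with signal 11 (core not dumped)
"""

# Message styles as numbered by the PAM conversation API.
PAM_STYLES = {1: "PAM_PROMPT_ECHO_OFF", 2: "PAM_PROMPT_ECHO_ON",
              3: "PAM_ERROR_MSG", 4: "PAM_TEXT_INFO"}

WORKER = re.compile(r"dovecot: auth-worker\((\d+)\): (.*)$")
PAM_MSG = re.compile(r"pam\(([^,]+),[^)]*\): #\d+/\d+ style=(\d+) msg=(.*)$")
KILLED = re.compile(r"child (\d+) killed with signal (\d+)")


def crashed_after_pam_message(log_text):
    """Return one record per auth-worker PID that logged a PAM conversation
    message and was later reported killed by a signal."""
    last_pam = {}  # pid -> (user, style number, message text)
    hits = []
    for line in log_text.splitlines():
        worker = WORKER.search(line)
        if not worker:
            continue
        pid, rest = int(worker.group(1)), worker.group(2)
        pam = PAM_MSG.search(rest)
        if pam:
            last_pam[pid] = (pam.group(1), int(pam.group(2)), pam.group(3))
            continue
        killed = KILLED.search(rest)
        if killed and int(killed.group(1)) in last_pam:
            child = int(killed.group(1))
            user, style, msg = last_pam[child]
            hits.append({
                "pid": child,
                "signal": int(killed.group(2)),
                "user": user,
                "pam_style": PAM_STYLES.get(style, str(style)),
                "pam_msg": msg,
            })
    return hits


if __name__ == "__main__":
    for hit in crashed_after_pam_message(SAMPLE):
        print(hit)
```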