pam_unix succeeds unexpectedly with libnss-ldapd
- From: Christopher Price <Christopher.Price [at] esentire.com>
- To: "nss-pam-ldapd-users [at] lists.arthurdejong.org" <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: pam_unix succeeds unexpectedly with libnss-ldapd
- Date: Thu, 15 Mar 2018 19:26:59 +0000
I am attempting to replace libnss-ldap with libnss-ldapd. I am running Ubuntu 16.04 and controlling LDAP access via the pam_listfile module in /etc/pam.d/common-account.
/etc/pam.d/common-auth
    auth required pam_env.so envfile=/etc/default/locale

/etc/pam.d/common-account
    account sufficient pam_unix.so
    account required pam_listfile.so onerr=fail item=group sense=allow file=/etc/login.group.allowed
    account required pam_ldap.so

This works fine with libnss-ldap. When I switch to libnss-ldapd, LDAP users who are not part of a group listed in login.group.allowed are able to log in via SSH. I have narrowed the problem down to specifically the pam_unix module in common-account. Note that the pam_unix in common-auth does NOT succeed.
What am I doing wrong here?
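
How libpam walks the account stack quoted in the message, as an added example that is not part of the original post or of nss-pam-ldapd: a `sufficient` module that returns success ends the stack at once, so the `required` pam_listfile line after it is never consulted. The evaluator is a simplified model covering only the two control flags used here, and the per-module results are constructed inputs.

```python
# Simplified model of libpam's handling of the "required" and "sufficient"
# control flags. Added illustration; not code from libpam or nss-pam-ldapd.

# Account stack as quoted in the message above.
COMMON_ACCOUNT = """\
account sufficient pam_unix.so
account required pam_listfile.so onerr=fail item=group sense=allow file=/etc/login.group.allowed
account required pam_ldap.so
"""

def parse(text, facility="account"):
    """Return [(control, module)] for one facility, skipping comments."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, results):
    """Walk the stack. results maps module -> True for PAM_SUCCESS, False for any
    other return code (constructed inputs). Returns (access_granted, modules_called)."""
    required_failed = False
    succeeded = False
    called = []
    for control, module in stack:
        called.append(module)
        ok = results[module]
        if control == "sufficient":
            if ok and not required_failed:
                return True, called   # stack ends here; later lines never run
            # a "sufficient" module that does not succeed is ignored
        elif control == "required":
            succeeded = succeeded or ok
            required_failed = required_failed or not ok  # stack continues, result is failure
        else:
            raise ValueError(f"control flag not modelled: {control}")
    return succeeded and not required_failed, called

STACK = parse(COMMON_ACCOUNT)
# Constructed case: an LDAP user whose groups are not in login.group.allowed.
REPORTED = evaluate(STACK, {"pam_unix.so": True, "pam_listfile.so": False, "pam_ldap.so": True})
EXPECTED = evaluate(STACK, {"pam_unix.so": False, "pam_listfile.so": False, "pam_ldap.so": True})

if __name__ == "__main__":
    print("pam_unix succeeds:        ", REPORTED)
    print("pam_unix does not succeed:", EXPECTED)
```
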