lists.arthurdejong.org

Re: pam_authz_search being ignored

On Tue, 2019-10-29 at 16:21 +0000, CHOUDARY, ANIRUDH (Ext) wrote:
> We have two applications running in docker containers that are using
> the same set of configurations for nslcd.conf and pam.d files.
>  
> When one application (Rstudio) uses the nslcd for authentication, the
> pam_authz_search kicks in.
> However, when the other application (shiny) uses the nslcd for
> authentication the pam_authz_search filter is ignored.

Hi Anirudh,

In a PAM stack there is an authentication (auth) and authorisation
(account) phase. It seems the second application is not doing the
authorisation part (pam_authz_search is only used on the authorisation
phase).

It should be possible to debug this by appending the debug option to
the pam_ldap line in your PAM configuration files. These log messages
generally end up in your auth log (/var/log/auth.log or
/var/log/secure).

In fact, a lot of PAM modules accept the debug option which can help in
tracking down how your PAM stack (and application) operate.

Hope this helps,

-- 
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
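
Added example (not part of the original message or of nss-pam-ldapd): before turning on `debug`, it can help to rule out the configuration side by checking, per PAM service, whether `pam_ldap.so` appears in the `account` stack at all and whether `debug` is set on it. The sample files, service names and the helpers `module_lines` and `audit` are constructed for illustration; backslash line continuations are not handled.

```python
import re

# Constructed sample /etc/pam.d contents (assumption, not from the thread).
SAMPLE = {
    "common-auth": "auth [success=1 default=ignore] pam_ldap.so minimum_uid=1000\n"
                   "auth requisite pam_deny.so\n",
    "common-account": "account required pam_unix.so\n"
                      "account required pam_ldap.so minimum_uid=1000 debug\n",
    "rstudio": "@include common-auth\n@include common-account\n",
    "shiny": "# account stack never configured for this service\n"
             "auth include common-auth\n",
}

LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def module_lines(files, service, module="pam_ldap.so", only=None, seen=()):
    """Yield (phase, options) for each use of `module` in a service stack."""
    if service in seen or service not in files:
        return  # include loop or missing file
    for raw in files[service].splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("@include"):  # Debian-style include of all phases
            yield from module_lines(files, line.split()[1], module, only, seen + (service,))
            continue
        m = LINE.match(line)
        if not m:
            continue
        phase, control, target, opts = m.groups()
        if only and phase != only:
            continue  # "auth include x" only pulls auth lines from x
        if control in ("include", "substack"):
            yield from module_lines(files, target, module, phase, seen + (service,))
        elif target.rsplit("/", 1)[-1] == module:
            yield phase, opts.split()

def audit(files, service):
    """Report per phase whether pam_ldap is present and has `debug` set."""
    report = {p: {"present": False, "debug": False} for p in ("auth", "account")}
    for phase, opts in module_lines(files, service):
        if phase in report:
            report[phase]["present"] = True
            report[phase]["debug"] |= "debug" in opts
    return report

if __name__ == "__main__":
    for svc in ("rstudio", "shiny"):
        print(svc, audit(SAMPLE, svc))
```

If both services show `pam_ldap.so` in the `account` stack, the configuration is not the difference, and the debug log shows whether the application ever runs the account phase.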